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Your  potential.  Our  passion 

Microsoft 


In  a  people-ready  business,  people  make  it  happen.  People,  ready  with  software. 

When  you  give  your  people  tools  that  connect,  inform,  and  empower  them,  they're  ready. 
Ready  to  collaborate  with  partners,  suppliers,  and  customers.  Ready  to  streamline  the 
supply  chain,  beat  impossible  deadlines,  and  develop  ideas  that  can  sway  the  course  of 
industry.  Ready  to  build  a  successful  business;  a  people-ready  business.  Microsoft.  Software 
for  the  people-ready  business.'"  To  learn  more,  visit  microsoft.com/peopieready 
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MEET  THE  FOREST 


(SAY  GOODBYE  TO  THE  TREES) 


Introducing  Intel®  yPro""  technology. 

It's  the  most  exciting  leap  in  business  desktop 
computing  since  the  introduction  of  the 
Intel  Pentium  processor  over  a  decade  ago, 

The  new  Intel  vPro  technology  is  much 
more  than  just  a  new  processor. 

It's  a  remarkable  combination  of  new 
technology  that  is  optimized  for  business, 
Just  about  every  repetitive  task  (installing 
software,  upgrading  licenses,  running 
diagnostics)  is  made  more  simple  and 
more  efficient, 

Pro  Security. 

Intel  vPro  technology  is  optimized  to 
provide  additional  security  at  the  hardware 
level  of  your  desktop  PC.  Now  users 
can't  unknowingly  (or  even  knowingly) 
disable  security  features.  In  fact,  Intel 
vPro  technology  can  even  isolate  infected 
PCs  from  the  rest  of  the  network  so  your 
company  can  stay  online  and  productive. 

Pro  Savings. 

Seventy-five  percent  of  all  IT  budgets  is 
spent  on  maintenance  and  integration  costs, 
Intel  vPro  technology  enables  third-party 


software  solutions  to  manage,  secure  and 
inventory  your  PCs  regardless  of  power 
state  or  the  health  of  the  OS,  Saving  you  time 
and  money. 

Pro  Performance. 

How  is  this  possible?  These  benefits  ail 
run  on  dual-core  technology  that  enables 
a  responsive  end-user  experience.  Even 
with  your  security  and  management  tasks 
running  in  the  background. 

Now  your  network  of  PCs  can  actually  report 
where  they  are,  what  they're  doing  and  how 
they're  feeling. 

Intel  vPro  technology  is  a  desktop 
architecture  that  is  designed  to  add 
functionality,  security  and  manageability  to 
the  solutions  and  equipment  you  already 
have  installed. 

Be  Pro  Active.  Go  Pro. 

^  You'll  be  reading  and  hearing 
(intGl/  more  about  Intel  vPro 
^  technology  in  the  next  few 
VPrCS  ^rid  months.  You  can  find 

detailed  information  on  how 
new  Intel  vPro  technology  will  help  your 
company  or  organization  at  intel.com. 
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I  have  people  to  support  and  ideas  to  enable.  Look  out  world,  because  my  network  is  coming  through. 

Dynamic  Networking  from  AT&T  gives  Maya  the  IP  solutions  she  needs  to  connect  suppliers,  customers  ^ 
and  employees  worldwide.  With  IP  VPNs,  Maya  has  a  cost-effective  networking  solution  that  allows  users  Mv 
to  collaborate  no  matter  where  they  are.  And  with  AT&T's  integrated  network  security,  Maya  knows  she^; 
can  expand  her  endpoints  without  any  increase  in  exposure.  . 
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THE  NAKED  INTERNET 


Well,  actually,  the  skeleton.  We  have  a  map  that 
shows  just  about  every  router  on  the  North 
American  backbone  (there  are  134,855  of  them). 
Learn  about  the  net  neutrality  debate  in  Senior 
Writer  Ben  Worthen’s  story  on  Page  74,  and  then  go 
online  to  his  blog.  Net  Effect,  to  see  the  map.  Go  to 
blogs.cio.com/neteffect  and  look  for 
“Who  Owns  the  Internet?” 
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Confessions  the  World’s  Most  Demanding  CIOs.'; 

“We  have  met 
the  competition, 
and  it  is  us.” 

“An  OOCL  container  ship  is  only  the  most  visible  element  of  an  enormously 
complex  enterprise  that  moves  goods  from,  say,  Shanghai  to  Kilkenny. 

“With  our  IT,  we  do  that  better  than  our  competitors.  So  we  compete  against 
our  own  benchmarks. 

“HP  helped  us  get  there  — to  migrate  from  mainframe  to  open  systems, 
and  to  adopt  standards-based  technology  for  real-time  communication  with 
partners.  So  OOCL  can  adapt  to  market-driven  changes  much  faster  than 
other  carriers. 

“Today,  IT  costs  have  dropped  sharply,  and  we  project  double-digit 
growth  for  the  next  five  years. 

“Now  we’ll  try  to  beat  that.” 

-Ken  Chih,  CIO 

Make  change  work  for  you.  Visit  www.hp.com/adapt 
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running  on  SQL  Server™  2005  with  99.98%  uptime.*  See  how  at  microsoft.com/bigdata 
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FROM  THE  EDITOR 


What’s  So 
Funny? 

If  laughter  reduces  stress 
and  increases  productivity, 
why  do  corporate  cultures 
tend  to  be  so  grim? 


i 
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I  recently  saw  Spamalot,  the  Broadway  extravaganza  and  laugh-fest  written  by  for¬ 
mer  Monty  Pythoner  Eric  Idle.  Being  a  Python  fan  from  way  back,  I  thoroughly  enjoyed 
the  re-creations  of  some  of  my  favorite  moments  from  Monty  Python  and  the  Holy  Grail 
(the  knights  who  say  “ni”;  the  killer  rabbit;  the  French  castle  scene).  As  work  had 
been  somewhat  stressful  lately,  getting 
out  and  laughing  for  a  couple  of  hours 
was  wonderfully  therapeutic. 

Various  studies  argue  that  a  good 
belly  laugh  produces  numerous  health 
benefits.  “Laughter  reduces  at  least  four 
neuroendocrine  hormones  associated 
with  the  stress  response,  including  epi¬ 
nephrine,  cortisol,  dopac  and  growth 
hormone,”  writes  Paul  E.  McGhee  in  an  article  titled  “Humor  and  Health”  (his  web¬ 
site  is  http://laughterremedy.com).  Other  sources  claim  that  laughter  relieves  pain, 
boosts  the  immune  system,  lowers  blood  pressure  and  stimulates  the  production  of 
endorphins,  which  make  you  feel  good. 

But  can  laughter  help  a  business  be  more  productive?  Many  believe  it  can.  Not 
only  can  humor  reduce  stress,  making  employees  happier  and  healthier,  it  can  also 
enhance  people’s  ability  to  retain  and  retrieve  information,  says  author  and  consult¬ 
ant  Ron  Culberson  in  a  recent  Fast  Company  article,  “Laughing  Your  Way  to  Success.” 

My  favorite  Python,  John  Cleese,  agrees.  Cleese  branched  out  into  corporate  train¬ 
ing  videos  and  motivational  speaking  in  the  ’70s  and  ’80s.  (Who  can  forget  such  clas¬ 
sics  as  “Meetings,  Bloody  Meetings”  and  “Body  Language  Howlers”?)  “Humor  in 
training  increases  retention  and  decreases  anxiety,”  Cleese  has  said.  “If  the  training 
point  is  surrounded  with  humor,  it  can  be  readily  digested,  remembered  and  applied.” 

Humor  in  the  workplace  has  been  shown  to  stimulate  creative  thinking  and  increase 
productivity,  says  Bruce  Baum,  professor  of  exceptional  education  at  Buffalo  State  Uni¬ 
versity,  in  the  Fast  Company  article.  “The  more  fun  you  have,  the  more  you  can  get  done.” 

But  Cleese  is  well  aware  that  the  workplace  is  not  the  most  conducive  environ¬ 
ment  for  humor.  He  once  said,  “I  find  it  rather  easy  to  portray  a  businessman.  Being 
bland,  rather  cruel  and  incompetent  comes  naturally  to  me.”  And  if  you  look  at  the  por¬ 
trayal  of  the  workplace  in  popular  culture,  that’s  pretty  much  the  picture  you  get. 
Have  you  seen  The  Office!  Sure  it’s  funny,  but  in  a  painful  way. 

Part  of  the  problem  is  that  at  first  blush  comedy  seems  to  be  at  odds  with  competi¬ 
tion.  Can  you  imagine  Olympic  figure  skater  Sasha  Cohen  taking  time  before  her 
program  to  tell  a  joke?  Well,  maybe  if  she  had,  she  might  not  have  fallen.  A  famous  Joe 
Montana  story  has  the  Hall  of  Fame  quarterback  pausing  in  the  huddle  to  draw  his 
teammates’  attention  to  John  Candy  sitting  in  the  stands  during  the  49ers’  successful 
last-minute  drive  in  the  1982  Super  Bowl.  The  trick  is  finding  the  right  way  to  incor¬ 
porate  humor  into  your  work  setting. 

Have  you  found  that  way?  If  so.  I’d  love  to  hear  about  it. 


"Humor  in  training  increases 
retention  and  decreases 
anxiety.  If  the  training  point 
is  surrounded  with  humor, 
it  can  be  readily  digested, 
remembered  and  applied/' 

-John  Cleese,  Minister  of  Silly  Walks 


Abbie  Lundberg,  Editor  in  Chief 
lundberg(g)cio.com 
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Obviously,  great 
minds  think  alike. 


73%  of  the  FORTUNE  100®  and  76% 
of  the  European  100  compared  business 
collaboration  providers  and  came  to 
a  single  conclusion. 
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Many  of  the  world's  nnost  successful  organizations  rely  upon  Sterling  Commerce  to  automate  their  business  pro¬ 
cesses,  so  they  can  exchange  critical  information  with  their  trading  partners,  subsidiaries  and  customers.  Reliably. 
Securely.  And  regardless  of  the  application  being  used.  Sterling  Commerce  delivers  the  first  platform  to  meet  all 
the  complex  challenges  of  real-world  multi-enterprise  collaboration.  Find  out  what  so  many  companies  already 
know.  Speak  to  a  Sterling  Commerce  representative  today.  Or  visit  www.sterlingcommerce.com 
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The  Coming  Pandemic 

No,  not  bird  flu.  Identity  theft. 

As  the  world  tries  to  ready  itself  for  the  inevitable 
spread  of  the  H5N1  avian  flu  virus,  it’s  unsettling  to 
see  another  pandemic  creeping  up  on  us  for  which  we 
seem  frighteningly  unprepared.  Fm  referring  to  iden¬ 
tity  theft  and  to  the  fact  that  companies  are  simply  not 
taking  sufficient  care  to  protect  their  most  impor¬ 
tant  asset:  their  customers. 

The  numbers  are  already  staggering,  and  they  will 
only  get  worse.  At  the  recent  CSO  Perspectives  Con¬ 
ference,  hosted  by  CIO’s  sister  publication,  David 
McIntyre,  CEO  of  TriWest,  reported  that  S3  million  identities  have  been  stolen  to  date 
and  19,000  more  are  stolen  every  day.  When  it  comes  to  cleaning  up  this  mess,  com¬ 
panies  on  average  spend  1,600  work  hours  per  incident  at  a  cost  of  $40,000  to 
$92,000  per  victim. 

But  what’s  even  more  expensive  than  the  cleanup  is  the  cost  to  customer  rela¬ 
tions.  According  to  Edward  McNicholas,  a  partner  in  the  law  firm  Sidley  Austin,  if 
you  experience  a  security  breach,  20  percent  of  your  affected  customer  base  will  no 
longer  do  business  with  you,  40  percent  will  consider  ending  the  relationship,  and 
5  percent  will  be  hiring  lawyers! 

Business  continues  to  profit  from  the  information  it  gathers  about  its  customers, 
using  IT  to  leverage  that  data  to  create  more  efficient  sales  strategies  and  more  oppor¬ 
tunities  for  doing  business.  But  with  this  profit  comes  risk.  ChoicePoint  and  BJ’s 
Wholesale  have  become  poster  children  for  what  happens  if  an  enterprise  is  not  suf¬ 
ficiently  careful  with  the  information  it  collects.  Can  you  afford  a  $15  million  fine  such 
as  the  one  the  Eederal  Trade  Commission  levied  in  January  on  ChoicePoint?  Can  you 
afford  any  breach  of  confidence  with  your  customers? 

These  questions  are  obviously  rhetorical.  No  company  wants  to  place  customers 
in  harm’s  way  or  risk  its  relationship  with  them.  What’s  not  a  rhetorical  question  is, 
“Are  you  doing  all  you  can  to  make  sure  that  this  does  not  happen  to  your  organiza¬ 
tion?  And,  if  it  does,  do  you  have  a  plan  in  place  to  deal  with  it?”  Unless  business  brings 
all  its  energy  and  resources  to  bear  on  this  growing  problem,  we  risk  a  pandemic  that 
will  rock  the  buyer-seller  relationship  to  its  core. 

Let  me  know  what  you’re  doing  to  inoculate  your  enterprise. 


Michael  Friedenberg,  President  and  CEO 

mfriedenberg@cio.com 
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Location,  Location,  Location. 
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It's  fundamental  to  your  business.  Are  you  leveraging  your  location  data? 

Customer  addresses,  time  zones,  office  facilities,  service  areas,  political  boundaries,  critical  shipments, 
utility  networks,  field-workers,  real  estate,  mobile  assets,  and  warehouses — location  is  mission  critical 
in  every  organization. 

By  leveraging  the  location  information  that  is  inherent  in  your  information  systems,  you  can  manage 
your  organization  more  efficiently  and  cost-effectively,  helping  you  gain  a  competitive  advantage. 

ESRI  technology  is  a  standards-based,  scalable,  and  interoperable  platform  that  can  exploit  location 
data  in  your  business  processes.  With  ESRI  geographic  information  system  (GIS)  technology,  you  can 
make  location  information  and  analysis  available  to  the  people  in  your  organization — at  all  levels — 
who  need  it  most. 


ESRI 


To  learn  more  about  leveraging  your  location  data,  please 
visit  www.esri.com/it  or  call  1-888-373-1192. 

You  have  the  location  information;  put  it  to  work  for  you. 


Copyright  O  2005  ESRI.  All  rights  reserved.  The  ESRI  globe  logo,  ESRI,  ArcMap,  vvww.esri.com.  and  Arcinfo  are  trademarks,  registered  trademarks,  or  service  marks  of  ESRI  in  the  United  States,  the  European  Community,  or  certain  other  jurisdictions. 


Leaders  Wanted/CIO  Challenge  Series 
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j 

Challenge  #1: 

Teach  everyone  how  to 
innovate  with  IT. 


Solution:  Hyperion — your  management 
system  for  the  global  enterprise. 

Technology  drives  innovation.  That  makes  you  Chief  Innovation  Officer.  So  ; 
how  do  you  transform  innovation  from  a  buzzword  into  a  sustainable  part* 
of  your  business?  Visionary  CIOs  are  leading  the  way  with  Hyperion i 
performance  management  solutions.  With  Hyperion,  you  break  down  thei 
barriers  between  finance,  operations  and  planning  and  align  them  arounc| 
a  master  data  set.  You  give  everyone  the  tools  they  need  to  continuously  I 
analyze  and  manage  business  performance — and  invent  new  ways  tct 
improve  it.  Isn’t  that  what  real  innovation  is  all  about?  ; 


FREE  ARTICLE  FROM  HARVARD  BUSINESS  REVIEW 

How  do  other  IT  leaders  drive  innovation? 

Discover  new  insights  and  best  practices  from  the  Harvard  Business  Review  and 
Hyperion.  Co  to  www.hyperion.com/go/leaders 


#  Hyperion" 

The  future  in  sight 


©2006  Hyperion  Solutions  Corporation,  All  rights  reserved. "Hyperion,"  the  Hyperion  logo  and  Hyperion's 
product  names  are  trademarks  of  Hyperion.  References  to  other  companies  and  their  products  use 
trademarks  owned  by  the  respective  companies  and  are  for  reference  purpose  only. 
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you  're  only  reacting  to  it. 


Let  Internet  Security  Systems  stop 

network  threats  before  they  impact  your  business 


P  U  L  L 

IN  CASE 
OF 

FIRE 


How  do  you  ensure  compliance  and  manage  costs  when  your  security  is  less  than  certain?  Even  "zero-day"  solutions  aren't  fast 
enough  to  protect  against  losses  once  an  Internet  attack  hits.  The  alternative  is  preemptive  security  from  Internet  Security  Systems. 
Because  our  enterprise  solutions  are  based  on  the  world's  most  advanced  vulnerability  research,  only  ISS  can  can  offer  preemptive 
security  and  stop  threats  More  they  impact  your  business.  So  why  rely  on  "reaction"  when  security  can  be  a  sure  thing? 

Need  proof?  Get  a  free  whitepaper,  Preemptive  Security:  Changing  the  Rules,  at  www.iss.net/proof  or  call  800-776-2362. 

Internet  |  Security  |  Systems® 

Ahead  of  the  threat 


NETWORK  &  HOST  INTRUSION  PREVENTION 


MANAGEO  SECURITY  SERVICES 


VULNERABILITY  MANAGEMENT 


©2006  Internet  Security  Systems  Incorporated.  All  rights  reserved  worldwide. 


SAS  gives  1-800-FLOWERS.COM 


KNOW 

how  to  cultivate  brand  loyalty  through  quality  customer  relationships. 

A  pioneer  on  the  Internet,  1-800-FLOWERS.COM  is  now  a  leading  multichannel  retailer  with  more  than 
15  million  customers.  Brand  loyalty  -  rooted  in  personal,  one-to-one  customer  relationships  -  has  helped  the 
company  flourish.  And  that’s  where  SAS  comes  in.  With  SAS '  business  intelligence  and  analytic  software, 
1-800-FLOWERS.COM  can  quickly  understand  customer  behaviors,  target  products  and  offers,  and 
predict  results  that  strengthen  its  overall  CRM  strategy.  The  result?  A  15  percent  increase  In  customer 
retention.  To  learn  more  about  1  -800-FLOWERS.COM  and  other  SAS  success  stories  that  go  Beyond  S/" 
visit  our  Web  site. 


CHRIS  MCCANN 

PRESIDENT,  1-800-FLOWERS.COM 


www.sas^com/flourish 
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Land  of  the 

Wired 

The  United  States  tops 
the  world  in  deployment 
and  use  of  IT 

INFRASTRUCTURE  The  United  States 
has  regained  its  position  as  the  most  wired 
nation  in  the  world,  according  to  a  report  by  the 
World  Economic  Forum  (WEF). 

The  WEF’s  Global  biannual  “Information  Technology” 
report  measures  the  information  and  communication  technology 
readiness  of  115  countries.  Countries  are  ranked  on  more  than 
5  dozen  factors,  including  their  communications  infrastructure, 
level  of  government  regulations,  quality  of  schools,  availability  of 
venture  capital,  and  the  level  of  business  and  government  usage 
of  the  latest  technologies.  These  factors  compose  what  the  WEF 
calls  a  networked  readiness  index. 

Irene  Mia,  senior  economist  at  the  WEF,  says  the  index,  by 


identifying  a  country’s  strengths  and  weak¬ 
nesses  in  IT,  helps  governments  prioritize  their 
development  efforts.  “The  report  provides  the  per¬ 
fect  platform  for  public-private  dialogue  and  [emphasizes]  the 
importance  of  ICT  [information  and  communication  technology] 
for  [a  country’s]  development.” 

The  United  States  rose  from  fourth  place  in  the  WEF’s  last 
ranking,  published  in  2004.  More  significant,  however,  is  the 
fact  that  the  United  States  has  held  the  top  position  for  three 
out  of  the  past  five  years,  according  to  Augusto  Lopez-Claros, 
chief  economist  at  the  WEF  and  Continued  on  Page  22 


IT  Unlocks  the  Origin  of  Darwin's  Theory 


DATABASES  British  naturalist 
Charles  Darwin  is  credited  with  the 
theory  of  evolution,  but  a  crucial  part 
of  his  theory  came  from  his  mentor, 
John  Stevens  Henslow,  a  lesser-known 
Cambridge  University  professor. 

Henslow  may  have  been  forever 
relegated  to  obscurity  were  it  not  for 
database  analytics.  For  more  than  two 
years,  a  team  of  researchers  based  at 
Cambridge  worked  to  uncover  a  secret 
hidden  in  Henslow’s  160-year-old  her¬ 


barium  (his  collection  of  plants). 

Henslow's  herbarium  consists  of 
paper  sheets  with  more  than  10,000 
dried  plant  samples  on  them  that  he  and 
others  collected.  Henslow  documented 
the  samples'  origins  and  species,  among 
other  data. 

According  to  Mark  Whitehorn,  a  data¬ 
base  expert  who  worked  on  the  project, 
once  this  information  was  transferred 
into  a  database,  researchers  were  able 
to  draw  connections  from  the  plant  sam¬ 


ples,  such  as  when  two 
collectors  may  have  been 
traveling  together. 

They  reached  a 
striking  conclusion: 

The  concept  of  variation— meaning 
differences  within  a  species  necessary 
for  its  survival  as  a  whole— was  first 
observed  by  Henslow,  Whitehorn  says. 
"He  trained  Darwin  to  observe  varia¬ 
tions  between  the  species." 

-Jeremy  Kirk 
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Broadband  for 
Everyone— 

in  Singapore 


INTERNET  Singapore  is  planning  a  national  broadband  network 
that  would  provide  ultra-fast  Internet  access  at  speeds  up  to  IGbps  for  every 
home  and  business. 

“Today,  a  high-speed  broadband  network  is  an  essential  infrastructure  for 
economic  development,  investment,  talent  attraction,  education  and  a  host 
of  other  activities,"  says  Lee  Boon  Yang,  Singapore’s  minister  for  informa¬ 
tion,  communications  and  the  arts. 

In  a  speech  delivered  in  March,  Lee  said  the  country’s  current  broadband 
infrastructure  will  not  be  able  to  cope  with  surging  demand  for  data  access 
in  the  years  ahead,  making  a  network  upgrade  necessary. 

The  planned  Next-Generation  National  Broadband  Network,  which  was 
first  outlined  in  Prime  Minister  Lee  Hsien  Loong’s  budget  speech  in  Febru¬ 
ary,  will  connect  all  homes,  schools  and  businesses  in  Singapore.  A  wireless 
broadband  network  will  also  blanket  the  city-state. 

Government  officials  view  broadband  Internet  access  as  a  priority  for 
Singapore’s  economic  development.  The  country  was  among  the  first  in 
Asia  to  embrace  the  Internet  during  the  1990s,  but  since  then  other  coun¬ 
tries  in  the  region,  such  as  South  Korea  and  Japan,  have  built  faster,  more 
advanced  networks. 

The  upgraded  broadband  network  will  allow  Singaporeans  to  make  video 
calls  to  stay  in  touch  with  relatives  and  friends  overseas,  according  to  Lee, 
the  information  minister.  In  addition,  the  faster  connections  will  make  new 
consumer  services  possible,  such  as  high-definition  Internet  protocol  TV. 

“It  will  sharpen  our  business  efficiency  and  spark  off  many  new  opportuni¬ 
ties  for  entrepreneurs,"  he  says. 

The  government  plans  to  work  with  private  companies  to  build  the  net¬ 
work,  Lee  says,  and  is  prepared  to  provide  funding  to  kick-start  the  project. 

As  a  first  step,  Singapore’s  Infocomm  Development  Authority  (IDA),  a 
government  agency,  has  invited  service  providers  to  submit  proposals  for 
offering  wireless  broadband.  The  operating  model  specified  by  IDA  requires 
service  providers  to  offer  a  basic  service  for  the  lowest  possible  cost,  which 
may  include  one  year  of  free  access.  Service  providers  also  must  offer  a 
premium  service,  for  which  users  would  pay  more. 

-Sumner  Lemon 
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coeditor  of  the  report. 

The  WEF  also  notes  that  the  United  States  continues  to 
be  a  leader  in  technological  innovation,  which  the  report 
attributes  to  the  quality  of  its  universities  and  coopera¬ 
tion  between  its  research  and  business  communities. 

One  reason  the  United  States  tops  the  list  so  often  is 
that  U.S.  companies  are  more  decentralized  and  better 
managed,  according  to  a  study  by  John  Van  Reenen  and 
Raffaella  Sadun  of  the  London  School  of  Economics  that 
is  part  of  the  WEF  report.  As  a  result,  U.S.  companies 
obtain  higher  returns  from  their  IT  investments.  In 
industries  that  rely  heavily  on  IT,  U.S.  companies  had 
greater  productivity  gains  than  their  European  counter¬ 
parts,  according  to  the  study. 

Singapore,  which  held  the  top  spot  in  2004,  dropped  to 
second  place  this  year.  The  city-state  has  ranked  among  the 

top  three  most-wired  countries 
in  each  of  the  past  four  years, 
the  report  says,  because  of  its 
economy,  its  commitment  to 
higher  education,  and  govern¬ 
ment  support  for  the  latest 
technologies.  The  government 
of  Singapore  recently  launched 
an  effort  to  upgrade  its  broad¬ 
band  infrastructure  and  deploy 
a  national  wireless  network  (see 
“Broadband  for  Everyone— in 
Singapore”  this  page). 

Denmark,  Iceland,  Finland 
and  Sweden  have  also  estab¬ 
lished  themselves  as  technology 
leaders,  occupying  places  in  the 
top  10  for  the  past  five  years. 
This  year,  the  countries  took 
third,  fourth,  fifth  and  eighth 
places  respectively.  These  Nor¬ 
dic  countries  share  character¬ 
istics  similar  to  those  of  other 
IT  leaders,  the  report  says.  Top- 
notch  universities  and  flexibil¬ 
ity  of  government  regulations  in 
these  countries  have  created  an 
environment  that  encourages 
innovation,  the  deployment  of 
emerging  technologies  and  new 
business  ventures. 

-Katherine  Walsh  and 
Nancy  Gohring 
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s  from  Now 


A  rival  programmer  from 
your  college  days  hacks 
the  security  code  you 


wrote  for  your  company's 
customer  database. 


9  Days  from  Now: 

The  company  notices  the 
breach.  As  low  man  on 
the  totem  pole  and  writer 
of  the  code,  you  take  the 
blame,  and  lose  your  job. 


3  Months  from  Now: 

The  hacker  publishes  a  book  on 
how  he  pulled  off  the  great  hack. 
The  book  makes  millions. 


4  Months  from  Now: 

The  hacker  is  hired  at  your 
old  company  as  security  chief, 
at  EO  times  what  you  made. 


5  Months  from  Now: 


Vou  mov/e  out  of  your  nice 
two-bedroom  condo,  and  back 
to  your  mother's  basement. 
Where  you  spend  many  nights 
plotting  your  revenge. 


Wouldn't  you  rather  know  NOW? 


I 


Protecting  your  networks  is  not  enough.  Hackers  can  get  around  firewalls  by  attacking  weak  applications. 
But  Fortify®  strengthens  applications  at  the  source:  the  code  itself.  What's  that  mean  for  you? 

A  little  more  sleep  at  night.  While  the  hackers  go  into  hiding.  Fortify  your  software  today. 


FD  RTI  FY 


■ 


©  £006  Fortify  Sof tw-are  Inc; 


Get  your  FREE  security  assesshrient  today 
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Women 


LEADERSHIP  It’s harder for woiTien to 
become  CIOs  than  it  is  for  them  to  achieve 
any  other  executive  role,  according  to 


!  researchers  at  the  University  of  California, 

t 

t  Davis.  A  recent  study  by  the  university's 
Graduate  School  of  Management  found  only 
fourfemale  CIOs  at  the  200  largest  public 
companies  headquartered  in  California, 
i:  Although  there  are  few  women  in  C-level 

I;  jobs  at  any  of  the  200  companies,  32  percent 
have  female  executive  officers  and 
t'  66  percent  have  women  as  directors. 

;;  The  women  who  hold  the  top  IT  jobs  at 
|i  the  companies  surveyed  are  Mahvash  Yazdi, 
CIO  of  Edison  International:  Jennifer  Bolt, 
il  senior  VP  and  010  of  Franklin  Resources: 
Maria  Fitzpatrick,  VP  and  CIO  of  Mercury 
General:  and  Dawn  Martin,  executive  VP 

i ' 

and  010  of  Westcorp  and  WFS  Financial. 
i|  The  percentage  of  women  who  are  CIOs 
i!  is  similar  elsewhere  in  the  United  States, 

i  i 

Ij  says  Kim  Elsbach,  professor  of  management 
and  coauthor  of  the  study.  For  example,  she 
ij  says  a  study  by  InterOrganization  Network 
jl  counted  only  two  women  out  of  100  OlOs  in 
i'  Massachusetts. 

;i  June  Drewry,  CIO  with  the  insurance 
i :  company  Chubb,  says  there's  more  to  the 
!‘  problem  than  discrimination— including  career 
i ;  decisions  women  make  and  how  well-known 
1 1  they  are  to  upper  management.  One  part  of 
j '  the  solution,  she  says,  is  for  companies  to 
i  take  steps  to  cultivate  more  women  as  leaders 

through  leadership  development  and 
J  mentoring  programs.  -Maggie  Locher 
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More  Visas,  Less  Work 


Plan  to  increase  cap  on 
H-IB  visas  part  of 
immigration  debate 

A  Senate  committee  voted  in  March 
to  increase  the  annual  cap  for  H-IB 
visas  from  65,000  to  115,000,  amid 
renewed  debate  over  whether  tech¬ 
nology  companies  are  using  the  pro¬ 
gram  to  replace  American  workers 
with  cheaper  foreign  labor. 

The  cap  increase,  which  would 
allow  technology  companies  to 
hire  more  foreign  workers  for 
hard-to-fill  technology  jobs  such  as 
programming,  is  part  of  the  Com¬ 
prehensive  Immigration  Reform 
Act  of  2006,  which  Congress  began 
debating  in  March.  The  larger  mea¬ 
sure  is  controversial  because  of  dis¬ 
agreements  about  how  to  manage 
illegal  immigration. 

The  H-IB  visa  provisions  also 
would  provide  for  future  increases 
once  the  proposed  115,000  cap  is 
reached  and  would  eliminate  any 
visa  cap  for  advanced-degree  holders. 
About  20,000  visas  not  included  in 
the  65,000  cap  were  issued  last  year 
to  advanced-degree  holders. 

Technology  companies  such  as 
Microsoft  have  called  on  Congress 
to  increase  the  cap,  saying  they  often 
can’t  find  qualified  U.S.  workers  to 
fill  high-level  tech  jobs  and  need  the 
foreign  workers  in  order  to  remain 
competitive.  The  65,000  cap  was 
reached  last  year  in  the  first  month 
the  visas  were  offered.  “U.S.  busi¬ 
nesses  should  have  access  to  the  best 
and  brightest  workers  in  the  world,” 
said  Rep.  Bob  Goodlatte  (R-Va.)  at  a 
hearing  of  the  House  Subcommittee 


on  Immigration,  Border  Security 
and  Claims. 

According  to  a  recent  survey  by 
the  Society  for  Information  Manage¬ 
ment,  technology  executives  are  con¬ 
cerned  about  the  supply  of  workers 
who  can  fill  entry-level  programmer 
and  systems  analyst  positions,  as 
well  as  midlevel  jobs  such  as  archi¬ 
tects  and  project  managers. 

But  David  Huber,  a  network 
administrator  with  15  years  of  expe¬ 
rience,  told  the  subcommittee  that 
the  H-IB  program  was  the  reason  a 
utility  company  laid  him  off  in  May 
2003  in  favor  of  cheaper  foreign 
workers. 

The  H-IB  program  requires  com¬ 
panies  to  pay  the  prevailing  wage  to 
IT  workers,  but  John  Miano,  a  com¬ 
puter  programmer  for  18  years,  told 
the  subcommittee  that  according  to 
his  research,  companies  paid  foreign 
programmers  $13,000  less  than  the 
median  wage  in  the  areas  in  which 
the  companies  were  located.  A 
recent  study  by  the  Center  for  Immi¬ 
gration  Studies  reached  a  similar 
conclusion.  (See  “The  H-IB  Scam,” 
zvzvw.  do.  com/ 021506. ) 

Stuart  Anderson,  executive  direc¬ 
tor  of  the  National  Foundation  for 
American  Policy,  a  think  tank  focus¬ 
ing  on  trade  and  immigration  issues, 
disputed  Miano’s  research,  saying 
the  wages  of  entry-level  H-IB  hires 
can’t  be  accurately  compared  with 
those  of  experienced  IT  workers. 
Still,  Rep.  Steve  King  (R-Iowa)  ques¬ 
tioned  the  program’s  effects.  “We 
should  not  have  a  visa  program  that 
allows  an  employer  to  lay  off  U.S. 
workers  in  favor  of  cheaper  foreign 
labor,”  King  said.  -Grant  Gross 
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_MONDAY,  9:59  a.m,:  Things  are  out  of  control.  Our 
system’s  just  not  secure,  flexible  or  reliable  enough. 

_3:19  p.m.:  Gil  bought  some  “infrastructure  bloodhounds” 
online.  He  says  they  can  sniff  out  any  problem. 

_5:01:  Bloodhounds  aren’t  as  good  at  sniffing  out 
network  problems  as  they  are  at  chewing  Ethernet  cables. 


_TUESDAY,  8:13  a.m.:  Whoa!  Came  in  today  and  found 
a  black  hole.  Information  goes  in  but  doesn’t  come  out. 
This  is  bad. 

_4:46  p.m.:  The  black  hole  just  sucked  in  three  interns. 
HR  is  not  pleased. 


..r,  ■ 


IBM,  the  IBM  logo,  WebSphere,  Rational,  Tivoli.  Express  Middleware  and  Lotus  are  registered  trademarks  of  International  Business 
Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2006  tBM  Corporation.  SAP  is  a  registered  trademark  of  SAP  AG 
in  Germany  and  in  several  other  countries,  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliates.  All  rights  reserved. 
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.WEDNESDAY,  9:45  a.m.:  Arghh!  We’re  so  slow.  It  takes  people 
forever  to  access. . .everything.  No  one  can  collaborate,  no 
one  can  make  smart  decisions  quickly  enough.  There’s  got 
to  be  a  better  way. 

_12:22  p.m.:  Gil  says  he’s  found  one:  aerodynamic 
bodysuits.  He  says  everyone  will  be  able  to  work  faster 
and  collaborate  better  now. 


_WEDNESDAY,  2:51  p.m.:  This  day  has  gone  from  bad  to 
scary  bad.  Now  the  business  is,  uh,  coming  apart.  I.T 
isn’t  in  sync  with  the  suits.  No  one’s  sure  what  they 
need  to  do.  It’s  totally  out  of  control. 

_4:57:  Gil  fell  into  the  crack.  Maintenance  needed  a 
GPS  device  and  a  hundred  feet  of  rope  to  rescue  him. 
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_THURSDAY,  11:02  a.m.:  I  give  up.  Our  infrastructure 
is  so  inflexible.  Our  apps  and  processes  don’t  work 
together.  We  can’t  respond  quickly  to  change.  It’s  out 
of  control. 

_11:42:  Gil  had  an  epiphany.  Duct  tape.  A  few  dozen 
rolls  later  and  he’s  integrated  everything,  and  everyone, 
by  hand. 

_11:45:  Duct  tape  can  fix  many  things.  Basketballs. 
Sofas.  Doorknobs.  But  not  widespread  app  and  process 
inflexibility. 


TAKE  BACK  CONTROL  WITH  THE  ENTIRE  PORTFOLIO  OF  IBM  MIDDLEWARE. 


WebSphere  Information  Management 


Tivoli  Rational 


_FRIDAY,  9:12  a.m.:  I  am  Ned. 
with  IBM  middleware. 


I  have  taken  back  control 


V* 


Control  lnfrastructure  chaos  with  IBM  Tivoli 
Express  ffiiddleware.  Backed  by  the  unparalleled 
expertisd  of  IBM’s  Business  Partners,  Tivoli  Express 
is  a  custbmizable  and  innovative  series  off  T 
management  solutions  designed  and  priced  for 
mid-sized  businesses.  It's  secure,  boostsuptime,  and 
protects  your  data  with  automated  backups. 

Control  untamed  information  with  IBM  Information 
Management  middleware.  Built  on  open  standards, 
it's  scalable,  modular  and  seamlessly  unites  all 
your  critical  information,  whatever  the  source.  More 
than  that,  it  gives  your  information  real  business 
value,  allowing  you  to  use  it  in  innovative  ways  to 
help  spur  growth. 

Control  slumping  productivity  with  IBM  WebSphere 
Portal,  part  of  the  Lotus  collaboration  family.  It's  a 
customizable  interface  that  integrates  the  apps,  processes 
and  info  your  people  need  to  collaborate  and  be 
productive.  It  works  throughout  your  enterprise  and 
with  customers  and  suppliers.  It’s  also  a  fast  start  to  a 
service  oriented  architecture. 

Control  out-of-sync  software  development 

with  IBM  Rational.  It  can  help  manage  all  your 
’  development  teams,  ensure  your  software’s  in 
compliance,  and  implement  a  service  oriented 
architecture.  With  Rational,  everyone  knows  their  job 
and  works  together.  And  your  development  process  is 
governed  and  aligned  with  your  business  goals. 

Control  business  paralysis  with  IBM  WebSphere 
middleware.  It  can  help  make  your  business  more 
flexible  by  seamlessly  integrating  the  apps  you  already 
have  -  even  those  from  SAP  and  Oracle.  Now  you  can 
change  processes  in  a  snap.  And  with  IBM's  industry- 
specific  expertise,  you  can  start  enabling  a  service 
oriented  architecture. 


How  do  you  Maximize  the  Value 

of  IT  to  the  Business? 

IT  is  still  one  of  the  most  misunderstood  functions  in  business.  The  CIO  Executive  Council,  a  profes¬ 
sional  community  developed  by  CIOs,  has  focused  its  members'  collective  effort  on  this  challenge. 

Their  initiative  has  resulted  in  groundbreaking  tools-the  IT  Value  Matrix  and  Knowledge  CenterTM_to 
help  leverage  the  value  of  IT  throughout  the  organization. 

The  IT  Value  Matrix  illustrates  the  principles  and  practices  essential  to  creating,  identifying  and 
communicating  IT's  value  to  the  enterprise.  Its  online  Knowledge  Center  provides  best  practices 
contributed  by  Council  members,  supplemented  by  case  studies  and  how-to  articles  from 
CIO  magazine  that  are  grouped  in  categories  that  correspond  to  all  the  components  of  the  Matrix. 


Visit  www.cioexecutivecouncil.com/it_value  to  get  your  own  copy  of  the  Matrix  and  to  watch 
the  IT  Value  webcast,  presented  by  Agrillance  CIO  and  Council  member  Steven  John. 


CIO  Executive  Council 

The  Professional  Organization  for  CIOs 


The  CIO  Executive  Council  was  created  by  readers  of  CIO  magazine  and  leaders  within 
the  community  of  CIOs  to  leverage  the  individual  and  collective  strengths  of  its  members 
both  to  serve  as  unbiased  and  trusted  advisors  to  each  other,  and  to  advance  the 
CIO  role  and  profession.  In  just  two  years,  more  than  300  CIOs  worldwide  from  various 
sectors  and  industries  have  identified  with  the  Council's  vision  and  committed  to  assist 
each  other,  cultivate  their  own  careers  and  those  of  their  team,  and  advance  the  role  of  the 
CIO.  To  inquire  about  membership,  visit  www.cioexecutivecouncii.com. 
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T.&E.tLD  LINES 


Alignment 

By  Robert  S.  Kaplan  and  David  P.  Norton 
Harvard  Business  School  Press,  2006, 
$35 


If  You  Want  to  Play,  You  Have  to  Keep  Score 

Balanced  Scorecard  authorstargetcorporatealignment 


BOOK  REVIEW  Robert  S.  Kaplan 
and  David  R  Norton  developed  the 
Balanced  Scorecard  as  a  method  for 
executing  strategy  and  measuring 
value.  By  identifying  business  goals, 
the  actions  required  to  achieve  them 
and  metrics  for  determining  whether 
they  are  met,  companies  can  align  their 
financial  management,  customer  activi¬ 
ties,  business  processes  and  organiza¬ 
tional  development. 

In  Alignment,  their  fourth  book,  the 
authors  contend  that  the  Balanced  Score- 
card  approach  should  be  used  to  align 
large,  diverse  corporations.  Plenty  of 
companies  have  done  this,  judging  from 
the  many  examples  (including  Ingersoll- 


Rand  and  Hilton  Hotels)  that  Kaplan  and 
Norton  use  to  illustrate  their  argument. 
Less  well-tested  at  this  point  is  the  use  of 
the  methodology  to  foster  better  collabo¬ 
ration  between  companies  and  external 
stakeholders,  such  as  boards  of  directors, 
investors  and  trading  partners. 

For  CIOs  who  have  used  the  Balanced 
Scorecard  to  manage  IT  value  at  the 
business-unit  level,  the  book  provides 
fresh  thinking  about  how  IT  contributes 
to  the  overall  enterprise.  In  short,  say  the 
authors,  IT  must  innovate,  by  providing 
products  and  services  that  help  business 
units  differentiate  themselves  to  custom¬ 
ers.  But  for  such  value-added  contribu¬ 
tions,  it  could  be  more  cost-effective  to 


outsource  IT,  Kaplan  and  Norton  sug¬ 
gest.  At  the  heart  of  the  book  is  a  simple 
idea:  that  alignment  is  created  when 
different  units  within  a  company  have 
shared  objectives  and  agreed-upon  ways 
to  measure  progress  toward  those  objec¬ 
tives— the  elements  that  make  up  the 
Scorecard.  Balanced  Scorecard  devotees 
will  be  familiar  with  the  complexities 
of  developing  Scorecards  and  “cascad¬ 
ing”  them  throughout  an  organization. 
A  chapter  on  this  subject  offers  useful 
examples  of  companies  that  worked 
through  this  process  based  on  their  cor¬ 
porate  structures,  cultures  and  the  prior 
experience  of  business  units  with  their 
own  Scorecards.  -Elana  Varon 


Better 

Robots 


ROBOTICS  Commercial  computer  hardware  is  the  key  to  building  a  reliable  robot, 
from  fast  processors  to  cheap  flash  memory  and  high-capacity  hard  drives,  according 
to  robotics  experts. 

Products  such  as  the  Cell  processor,  developed  for  Sony’s  Playstation  3  video  game 
console,  will  provide  the  processing  power  needed  to  bring  robots  to  a  mass  market, 

said  Colin  Angle,  CEO  of  iRobot,  during  an  April  confer¬ 
ence  at  Boston  University.  (iRobot  makes  Roomba,  a  robot 
vacuum  cleaner,  and  PackBot,  a  military  robot  that  disables 
booby  traps  and  land  mines.) 

Another  crucial  ingredient  for  robotics  design  is  wireless 
technology  such  as  WiMax,  important  for  robots  to  be  able 
to  exchange  video  and  other  data  with  their  owners.  "The  core 
of  a  robot  could  ultimately  be  a  cell  phone,"  Angle  said.  Mobile  phones  combine  many 
factors  of  robotic  design,  including  geolocation  and  broadband  networking. 

Robots  serve  niche  markets,  with  annual  sales  of  about  $5.5  billion  for  industrial 
robots  (the  type  that  automotive  companies  use  to  weld  and  paint  cars)  and  about 
$1  billion  for  robots  used  in  education,  entertainment  and  cleaning  homes.  The  robot¬ 
ics  industry  could  grow  by  finding  applications  in  new  sectors,  said  Dan  Kara,  presi¬ 
dent  and  cofounder  of  Robotics  Trends,  a  research  company. 

For  example,  at  least  five  companies  have  built  robots  to  mow  the  grass  outside  their 
owners'  homes.  Once  these  companies  develop  better  battery  life  and  safety  procedures, 
they  could  capture  a  portion  of  the  $23  billion  lawn-care  market. 

-Ben  Ames 
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automation  &  control  •  building  technologies  •  energy  &  power  •  financial  services  •  hearing  solutions  •  home  appliances  •  information  &  communication 
lighting  •  material  handling  •  medical  solutions  •  transportation  •  water  technologies  usa.siemens.com 


Who  helps  Business  travel  lighter 

with  new  communications  solutions? 


We  do 


You  know  what  it’s  like.  You’re  on  a  business  trip  and  it  seems  like 


you’re  hauling  around  half  your  office.  Your  cell  phone,  your  PDA, 
plus  a  suitcase  full  of  documents.  And  then  there’s  your  laptop,  which  can’t 
seem  to  connect  to  the  network  from  your  hotel.  Siemens  HiPath®  solutions 
enable  you  to  carry  just  one  device — and  you  decide  which  one.  So  you  can  stop 
overpacking  and  focus  on  your  business.  HiPath.  Total  Business  Communications. 

Interested?  Contact  us  at  www.usa.siemens.com/openscape 


SIEMENS 


Global  networ  c  of  innovation 


TRENDLINES 


Companies  that  have  deployed  new  systems  to  comply  with  government 
regulations  such  as  the  Sarbanes-Oxley  Act  are  finding  these  investments  can  do  double 
duty  by  helping  them  to  improve  business  processes,  according  to  a  survey  of  332  com¬ 
panies  by  AMR  Research.  Nearly  75  percent  of  respondents  plan  to  use  their  compliance 
investments  to  support  other  activities,  such  as  streamlining  business  processes. 

John  Hagerty,  vice  president  of  research  with  AMR,  says  regulatory  mandates  have 
put  a  new  spotlight  on  IT  as  a  means  to  mitigate  business  risk.  Prior  to  these  mandates, 
risk  management  didn't  get  executive  attention.  CEOs  and  boards  were  reluctant  to 
invest  in  technology  to  combat  risk,  he  says.  But  Sarbanes-Oxley  especially  has  made 
them  more  attuned  to  the  technology  underpinnings  that  compliance  requires.  “So  you 
see  the  board  open  its  wallet  to  fund  some  of  these  programs."  says  Hagerty. 

One  area  where  compliance  mandates  have  prompted  support  is  for  security  and 
identity  management.  Sarbanes-Oxley.  for  example,  requires  appropriate  access  con¬ 
trols  to  corporate  systems  so  that  an  employee  cannot  change  data  unless  he  is  autho¬ 
rized  to  do  so.  And  so.  CIOs  have  permission  to  deploy  access  management  systems 
and  procedures  that  they  may  have  been  unable  to  justify  previously. 

Meanwhile,  Hagerty  adds,  the  emphasis  of  Sarbanes-Oxley  on  process  controls  fos¬ 
ters  greater  awareness  of  quality  assurance.  The  required  reviews  prompt  companies  to 
examine  processes  that  are  not  working  well  or  controls  that  are  failing. 

Sarbanes-Oxley  has  also  provided  support  for  business  process  management  (BPM). 
Sarbanes-Oxley  compliance  depends  on  standardizing  processes  so  that  points  of  fail¬ 
ure  are  minimized.  BPM  technology  supports  this  standardization  across  a  company. 


Double-Duty  IT 

Technology  for  regulatory  compliance  supports  multiple  business  uses 


Companies  repurpose  compliance  investments  for: 


Adds  up  to  101%  due  to  rounding. 
SOURCE:  AMR  Research 


67"/o 

of  companies  have 
automated  their 
compliance 
processes  using  IT. 

33»/o 

think  they  don’t 
need  new  IT  for 
compliance. 
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Practices: 

I^^^Compiiance  comes 
Lfl  first.  Focus  on  what  is 
absolutely  required  to  satisfy 
the  regulatory  mandate.  Deter¬ 
mine  what  types  of  training,  new 
business  processes  and  soft¬ 
ware  you  will  need  to  meet  the 
requirements. 

j^^pindentify  double-duty 

investments.  CIOs  have 
a  global  view  of  the  company 
that  other  business  leaders 
do  not,  says  Hagerty.  Use  that 
knowledge  to  target  compli¬ 
ance  investments  toward 
processes  that  need  improve¬ 
ment.  Because  other  business 
leaders  will  likely  view  compli¬ 
ance  spending  as  an  expense, 
explaining  the  business  benefits 
can  help  make  the  case  for 
investment  in  new  technology. 

Watch  for  overlap. 

Many  regulations  have 
common  business  require¬ 
ments,  such  as  managing 
documents  and  records,  stan¬ 
dardizing  business  processes, 
creating  reports,  managing 
risks,  and  implementing  secu¬ 
rity  and  audit  controls.  You  may 
be  able  to  use  the  same  applica¬ 
tions  to  comply  with  multiple 
regulations. 


With  Sybase®  software,  Nielsen  Media  Research  enables  customers 
to  get  real-time  access  to  audience  viewing  habits  through: 

H^00%  faster  data  loads  Q^a  secure,  Web-based  interface  data  compression  ratio 


When  viewing  trends  change  in  the  ultra-competitive  broadcast  industry,  Nielsen  Media  Research  and  their  customers  know  it  instantly.  Because 
they  have  an  information  edge  that  comes  from  using  Sybase®  10  -  a  powerful  data  analytics  server  that  enables  their  clients  to  analyze  more  data 
in  more  ways.  Up  to  lOOx  faster.  And  Sybase  10  helps  Nielsen  provide  better  service  at  a  lower  cost.  It’s  an  edge  that  only  we  can  deliver.  And  it’s 
why  more  global  companies  are  tuning-in  to  Sybase  every  day.  www.sybase.com/infoedge101 

Copyright  ©2006  Sybase.  Inc.  All  rights  reserved.  Sybase  and  the  Sybase  logo  are  trademarks  of  Sybase.  Inc. 

•  indicates  registration  in  the  United  States  of  America.  All  product  and  company  names  are  trademarks  of  their  respective  owners. 


lose  money 


lose  customers 


WHEN  SERVING  YOUR  CUSTOMERS 


WHATEVER  CHOICE  YOU  MAKE,  YOU’RE  TOAST. 


You  know  that  the  only  way  to  succeed  is  by  serving  your 
customers  better.  But  what  organization  can  afford  to 
throw  endless  dollars  at  improving  the  customer 
experience?  With  RightNow,  you  don’t  have  to  make  a 
deal  with  the  devil. 

RightNow  provides  a  breakthrough  solution  that  lets  you 
enhance  your  customer  experience  while  reducing  costs. 
By  delivering  knowledge  at  every  customer  touchpoint, 
RightNow  helps  you  grow  your  business,  one  customer 


experience  at  a  time.  We’ve  enabled  more  than  a  billion 
successful  customer  interactions  for  our  clients  in  every 
major  industry.  Chances  are,  we  can  help  you,  too. 

Find  out  why  RightNow  leads 
in  client  satisfaction.  Download 
your  free  executive  summary  of 
CRMGuru’s  Solutions  Guide  at 
www.rightnow.com/toast  or  call 
us  toll-free  at  1.877.363.5678. 


RIGHT 

NOW 

TECHNOLOGIES 


ESSENTIAL 


FROM  INCEPTION  TO  IMPLEMENTATION-I.T.  THAT  MATTERS 


tectiiiology 


Business 
process  I 
management  : 
can  help  turn  | 
tweaks  into  | 
innovations  i 
on  the  fly  j  i 


Moving  the  Sidewalks 

BY  MARK  COOPER 

INNOVATION  I  Down  in  the  dusty,  dry  streets  of  Laredo,  Texas,  a  truckload  of  furni¬ 
ture  arrives  at  a  Lacks  Valley  Store.  Unnoticed  by  the  dock  workers  as  they  scan  each  prod¬ 
uct  are  the  myriad  exceptions  typical  in  a  large-ticket  retail  business:  missing  items, 
special  customer  orders  and  items  that  were  never  ordered  but  that  showed  up  anyway. 
However,  behind  the  scenes,  a  business  process  management  (BPM)  application  is  mon¬ 
itoring  the  warehouse  and  receiving  systems,  identifying  each  exception  as  it  occurs. 

The  BPM  application  then  goes  beyond  monitoring  and  actually  prioritizes  the  exceptions 
and  launches  tasks  for  various  employees  (for  example,  walking  an  employee  through  the 
steps  to  review  and  address  an  expected  order  that  did  not  arrive).  The  exceptions  persist  as 
tasks,  or  “in  flight”  processes,  in  the  system  and  are  monitored  until  they  are  resolved.  The 
business  analysts  who  actually  deal  with  the  problems  are  able  to  tweak  the  resolution 
processes  in  real-time  as  they  learn  more  efficient  ways  to  improve  operations. 

InExtreme  Competition:  Innovation  and  the  Great  21st  Century  Business  Reformation,  author 
Peter  Fingar  describes  the  rise  of  intense  competitors  from  around  the  globe  who  “innovate 
by  how  they  operate”  and  who  are  attacking  markets  both  large  and  small— including  small 
Texas  border  towns.  To  respond  to  these  new  competitors,  companies  like  Lacks  Valley 
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vStores  must  transform  and  evolve  their  oper¬ 
ations  faster  than  ever  before. 

BPM  helps  them  do  that.  “The  biggest 
impact  has  been  catching  exceptions  early 
enough  to  actually  do  something  about 
them,”  says  Lee  Aaronson,  CEO  of  Lacks 
Valley  Stores.  “Before,  we  had  to  rely  on  a 
customer  complaining  about  an  issue  or 
accidentally  discovering  that  something 
was  wrong.”  Now  Lacks  employees  either 
receive  e-mails  alerting  them  to  take  action 
or  they  log  in  to  a  portal  to  manage  excep¬ 
tion  tasks  and  resolve  them  before  cus¬ 
tomers  even  notice. 

BPM  can  transform  customer  contact 
operations  as  well.  American  National  Insur¬ 
ance  Co.  ( Anico)  was  one  of  the  early  adopters 
of  BPM  and  has  used  it  to  streamline  cus¬ 
tomer  service  processes  across  four  business 
groups,  resulting  in  a  CSR  workload  capac¬ 
ity  increase  of  192  percent.  “Our  BPM  initia¬ 
tives  have  paid  huge  dividends,”  says  Gary 
Kirkham,  VP  and  director,  planning  and 
support  division  for  Anico.  “We  eliminated 
the  need  for  CSRs  to  ‘dive  bomb’  into  multi¬ 
ple  mainframe  applications  to  handle  cus¬ 
tomer  and  agent  requests  and  built  rules  into 
our  process  to  guide  them  through  a  single 
view  of  the  customer’s  information  across 
multiple  systems.  BPM  allowed  us  to  both 
keep  up  with  huge  growth  in  our  customer 
jbase  and  improve  on  all  of  our  customer 
service  metrics  at  the  same  time.” 

I  Of  course,  seasoned  CIOs  understand  that 
no  single  new  technology  will  be  a  cure-all 
for  complex  process  issues.  It  often  takes  sig¬ 
nificant  effort  just  to  define  who  owns  a 
process  and  how  it  actually  works.  If  a 
process  is  bad,  automation  may  only  get  bad 
results  faster.  Like  Lacks  Valley  Stores  and 
Anico,  however,  a  diverse  group  of  compa¬ 
nies  has  achieved  real  results  by  leveraging 
BPM  technology  in  their  process  improve¬ 
ment  efforts. 

A  New  Way  to  Build  and 
Manage  Processes 

There  is  an  old  story  about  a  clever  university 
planner  who  waited  to  pour  concrete  side¬ 
walks  on  the  new  campus  until  students  had 
worn  paths  between  the  buildings.  Tradi¬ 


tional  IT  infrastructure  has  evolved  in  much 
the  same  way:  Experienced  practitioners 
now  try  to  thoroughly  understand  user 
requirements  before  deploying  automation 
that  can  be  as  intractable  as  concrete.  Con¬ 
ventional  approaches  to  reengineering  and 
application  development,  however,  can  no 
longer  meet  stakeholder  demands  for  rapid 
and  ongoing  process  change. 

BPM  emerged  as  a  response  to  this  “move 
the  sidewalks  now”  requirement  once  easier 
integration  technologies  finally  caught  up  with 
management’s  ongoing  push  for  operational 
improvement.  Although  hundreds  of  vendors 
may  each  define  it  differently,  most  agree  that 
BPM  gives  an  organization  the  ability  to 
define,  execute  and  manage  processes  that:  a) 
span  multiple  applications  and  involve  human 
interactions,  and  b)  handle  dynamic  process 
rules  and  changes,  not  just  simple,  static  flows. 

Software  vendors  eventually  caught  on 
and  started  providing  platforms  that  inte¬ 
grated  process  modeling,  execution  and 
management  reporting  of  process-specific 
metrics.  Organizations  now  have  the  tools 
to  automate  and  change  processes  across 
previously  isolated  applications,  databases 
and  people. 

Gartner  defines  BPM  as  a  structured 
approach  to  managing  an  organization’s 
process  environment  and  employing  meth¬ 
ods,  policies,  metrics,  management  practices 
and  software  tools,  which  today  are  known 
as  business  process  management  suites 
(BPMSs).  These  integrated  platforms  pave 
the  way  for  an  organization  to  continually 
improve  a  process  that  was  previously  inef¬ 
ficient  and  difficult  to  manage.  They  do  this 
by  leveraging  integration  technologies  with 
visual  process  modeling,  real-time  monitor¬ 
ing,  Web-based  applications  and  manage¬ 
ment  reporting— all  working  together  to 
support  rapid  process  innovation. 

BPMS  adoption  has  spread  quickly,  in 
part  because  of  the  speed  of  deployment. 
Forrester  Research  estimates  that  the  mar¬ 
ket  for  BPMS  software  is  growing  at  a  com¬ 
pounded  annual  growth  rate  of  more  than 
20  percent.  Between  2005  and  2009,  For¬ 
rester  expects  annual  sales  of  BPMS  to 
grow  to  $2.7  billion. 


BPM  Resources 

on  .com 

www.cio.com/051506 

■  “A  New  Glue  or  the  Old  Soft  Shoe,” 

feature  article  by  Ben  Worthen 

■  “Business  Process  Management: 

Taking  All  The  Right  Steps,”  by 

Greg  Sarafin,  managing  director, 
BearingPoint 

■  “Human-Centric  Business  Process 

Management  Suites,”  a  Forrester 
report  by  Connie  Moore  (PDF) 

■  Quote  to  Cash  BPM  graphic  by 
XPIane(JPEG) 


A  Diverse  Product  Space 

Because  the  promise  of  BPM  is  so  enticing 
and  the  target  business  problems  are  so 
diverse,  software  vendors  have  charged  into 
the  BPMS  market  from  a  variety  of  back¬ 
grounds.  Each  frames  the  problem  a  little 
differently  in  order  to  present  its  solution  in 
the  most  appealing  light.  For  example, 
workflow  vendors  tend  to  emphasize  the 
human-to-human  aspects  of  BPM.  Mid¬ 
dleware  and  infrastructure  vendors  focus 
on  the  importance  of  underlying  systems 
integration.  Enterprise  content  manage¬ 
ment  vendors  focus  on  the  document-centric 
nature  of  processes  found  in  financial  serv¬ 
ices  and  other  back-office  operations.  BPMS 
pureplay  vendors  often  highlight  their 
architectural  elegance  and  independence 
from  legacy  product  and  infrastructure 
constraints. 

The  truth  is  that  BPM  will  typically 
require  elements  of  all  of  these  approaches, 
so  CIOs  must  thoroughly  understand  the 
types  of  processes  they  want  to  transform 
and  how  the  BPMS  will  fit  into  their  unique 
enterprise  architecture. 

The  category  is  maturing:  2006  has  seen 
continued  growth  in  the  number  of  formal 
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Fujitsu  PRIMEQUEST™  Servers  with  Intel®  Itanium®  2  Processors. 

Mainframe  Reliability.  Sized  for  the  Mainstream. 


For  decades,  CIOs  have  trusted 
Fujitsu  mainframes  to  run  their  mission- 
critical  applications.  Now  you  can 
get  the  same  robust  engineering  and 
innovative  design  with  the  highly  reliable, 
high  performance  Fujitsu  PRIMEQUEST 
servers  featuring  Intel®  Itanium®  2  Processors. 
Designed  for  Microsoft®  Windows®  and 
Linux®  environments  to  run  mission  critical 


System  Mirror 

PRIMEQUEST  servers  offer  the  ability  to  run 
memory  and  crossbars  as  mirrored  pairs.  This 
option,  enabled  via  the  Dual  Synchronous 
Architecture  in  PRIMEQUEST  servers,  provides 
fault  immunity  for  the  hosted  operating  system 
and  applications.  The  use  of  System  Mirror 
transparently  guards  against  hardware  errors 
that  could  otherwise  cause  a  system  panic. 


applications,  PRIMEQUEST  servers 
harness  the  power  and  performance 
of  up  to  32  Intel®  Itanium®  2  Processors, 
to  easily  accommodate  your  largest 
applicationsThey  are  designed  with  integrated 
networking  and  management  features  for 
simplicity  and  offer  flexible  I/O  and  partitioning 
that  enhances  your  agility  to  respond  to 
dynamic  business  requirements. 


To  learn  more  about  how  Fujitsu  PRIMEQUEST  servers  bring  mainframe  reliability  to  mainstream  environments, 

visitus.fujitsu.com/computers/PRIMEQUEST  or  call  I -800-83 1 -3 1 83. 


FujiTSU 

THE  POSSIBILITIES  ARE  INFINITE 


Itanium’ 2 

inside'" 
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Be  wai7  of  suites  that  require  the  process 
definition  to  be  exported  from  one  module 
and  then  imported  into  the  next.  This  “bucket 
brigade”  approach  increases  development 
time  and  discourages  process  innovation. 
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BPMS  RFPs  issued  by  coi'porations.  Because 
most  of  the  leading  BPMSs  can  easily 
address  the  requirements  found  in  a  typical 
package  selection  or  pilot  project,  CIOs  must 
expand  on  typical  due  diligence  to  include 
real-world  scalability  testing,  hands-on 
involvement  of  business  users,  and  careful 
evaluation  of  similar  customer  implemen¬ 
tations.  Many  vendors  will  be  able  to  meet 
the  functional  checklists;  the  goal  is  to  ensure 
'  a  good  fit  with  the  organization’s  approach  to 
operational  innovation, 
i  ! 

Integration  Is  Key 

BPMS  solutions  should  be  integrated  for  rea¬ 
sons  of  both  speed  and  innovation.  Be  wary 
of  BPMSs  that  require  the  process  definition 
to  be  exported  from  one  module  and  then 
I  imported  into  the  next  (such  as  between  def- 

■  inition,  simulation,  execution  and  reporting 
j  modules).  This  “bucket  brigade”  approach 
I  increases  development  time  and  discourages 

■  process  innovation.  According  to  Anico’s 
I  Kirkham,  every  BPM  solution  must  go 
j  through  multiple  iterations  both  to  discover 

the  right  process  and  to  change  with  the 
!  needs  of  the  business.  This  requires  tight 
I  'coupling  between  the  process  models  and 
the  actual  execution  and  management  of 
j  those  processes. 

i  i  As  important  as  the  BPMS  feature  set  is 
how  well  the  platform  brings  people  and 
j  other  applications  into  the  new  process. 

'  Cincinnati  Bell  leveraged  the  ability  of  Blue¬ 
spring  Software’s  BPMS  to  bring  Microsoft 
Office  apps  into  its  quote-to-cash  process. 
The  new  process  reduced  deal  cycle  time  by 
j  65  percent  and  finance  labor  time  by  75  per¬ 
cent  by  eliminating  manual  activity  related 
to  the  interaction  between  sales  and  finance 
on  the  viabilit^'^  and  pricing  of  custom  orders 
j(see  related  graphic  on  www.0S1506.com). 

In  part  of  the  new  process,  financial  ana¬ 
lysts  receive  prepopulated  spreadsheets  via 
e-mail.  They  conduct  the  necessary  analysis 
and  then  e-mail  the  spreadsheet  back  so  that 
it  can  go  on  to  the  next  step  in  the  process. 
The  Bluespring  software  orchestrates  this 
process  and  provides  the  necessary  linkage 
to  financial  data  and  other  systems.  “The 
benefit  is  that  you  don’t  change  the  way  peo¬ 


ple  work,  you  just  eliminate  the  administra¬ 
tive  tasks  and  let  them  focus  on  the  parts  of 
their  job  that  add  value,”  says  Chip  Burke,  VP 
of  IT  for  Cincinnati  Bell. 

BPM  and  SOA 

A  good  first  step  to  implementing  a  BPMS  is 
to  “develop  a  simple  and  flexible  integration 
architecture,  especially  if  the  BPM  applica¬ 
tion  will  be  used  as  a  monitoring  or  orches¬ 
tration  layer  placed  on  top  of  existing 
transactional  applications,”  says  Dennis 
Korevitski,  former  director  of  supply  chain 
systems  for  T-Mobile.  If  a  service-oriented 
architecture  (SOA)  or  middleware  layer 
already  exists,  BPM  platforms  can  leverage 
this  investment  by  rapidly  orchestrating 
available  services  into  a  business  process. 
For  example,  T-Mobile  implemented  Lom¬ 
bardi  Software’s  TeamWorks  BPMS  to 
recover  lost  revenue  from  a  complex  returns 
process.  The  process  involves  customers  and 
OEMs  as  well  as  internal  financial  and  cus¬ 
tomer  care  groups.  TeamWorks  was  able  to 
take  advantage  of  some  existing  integration 
points  in  T-Mobile’s  Tibco  infrastructure, 
allowing  the  BPM  team  to  focus  on  improv¬ 
ing  the  process. 

Sometimes  BPM  drives  an  organization 
towards  an  SOA.  “We  would  have  gotten 
there  eventually,”  says  Doug  Schwinn,  CIO 
at  toy  maker  Hasbro.  “But  BPM  gave  us  the 
justification  to  open  up  to  our  partners  in  a 
secure  manner  with  SOA.”  If  an  SOA  is  not 
available,  many  BPMS  platforms  provide 
toolkits  for  legacy  systems  integration. 

Although  the  emergence  of  improved 
integration  technologies  and  SOA  have 
made  legacy  integration  easier,  “you  need 
to  have  respect  for  the  hard-core  challenges 
of  integrating  to  legacy  systems,”  says  Phil 
Gilbert,  CTO  of  Lombardi  Software.  “It  is 


hard  work,  and  it  takes  more  time  than  most 
businesspeople  would  like.” 

Gilbert  recommends  that  BPM  initiatives 
decouple  the  integration  effort  from  process 
design— in  other  words,  IT  should  manage 
the  underlying  systems  integration  while 
the  business  analysts  are  working  on 
process  design.  This  approach  gets  func¬ 
tionality  into  the  hands  of  end  users  faster, 
even  if  additional  systems  integration  shows 
up  in  later  releases  and  further  streamlines 
the  process. 

Process  management  challenges  can  arise 
as  BPM  spreads  throughout  an  organiza¬ 
tion.  Changing  process  flows  or  data  sources 
can  cause  unintended  side  effects.  But  the 
potential  to  measurably  improve  overall 
organizational  performance  makes  it  well 
worth  the  effort  to  manage  those  risks. 
Gilbert  says  that  the  industry  has  only 
begun  to  scratch  the  surface.  “The  strategic 
value  of  BPM  technology  is  process  gover¬ 
nance  and  providing  a  holistic  view  into  all 
of  a  company’s  running  processes— whether 
[the  BPM  platform]  executes  them  or  not.” 

“The  ideal  BPMS  essentially  will  be  a 
database  management  system  for  your  busi¬ 
ness  processes,”  says  author  Fingar.  “The 
real  breakthrough  is  in  creating  a  definition 
of  your  process  as  abstract  data.”  To  remain 
competitive,  organizations  will  have  to  build 
the  capabilities  to  manage  processes  as 
quickly  and  effectively  as  they  currently 
manage  data.  QQ 


Mark  Cooper  is  a  managing  partner  with  Athens 
Group,  a  consultancy  in  Austin,  Texas.  He  can  be 
reached  at  mcooper@athensgroup.com. 

EDITOR’S  NOTE:  Athens  Group  clients  include 
two  of  the  companies  mentioned  in  this  article: 
Lacks  Valley  Stores  and  Lombardi  Software. 


34 


MAY  15,  2006  |  www.cio.com 


THE  ESSENTIAL  ELEMENTS  OF 

IT  GOVERNANCE 


Even  the  most  effective  strategy  and  leadership  need  the  right  data  to  support  them.  Cornpuware  Changepoint 
provides  the  fundamental  components  for  better  decision-making.  While  Changepoint  automates  key  organizational 
processes,  you  get  an  integrated  dashboard  view  of  IT  costs,  effort  and  value  with  the  power  to  drill  down  for 
details.  Hard  facts  delivered  on  demand — now  that’s  putting  true  IT  insight  in  the  palm  ofy  our  hand. 


©  Cornpuware 

ef)  Changepoint’ 


Discover  the  “Total  Economic  Impact”  of  implementing  IT  Governance. 

Download  the  latest  Compuware-connmissioned  case  study  conducted  by 
Forrester  Consulting  at  www.compuware.eom/Changepoint/ROI3.  Or,  visit 
us  at  http://www.compuware.com/it-governance/. 
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IT'S  ALL  ABOUT  THE  EXECUTION 


Michael  Schrage 


; 


The  Hammer  of  Consensus 

When  a  committee  is  charged  with  achieving  unanimity,  the  force  of  its 
decisions  is  multiplied 


I  recently  served  on  a  special  committee  of  independent 
directors  formed  expressly  to  ensure  fair  terms  for  a 
high-profile,  multibillion-dollar  takeover.  The  nego¬ 
tiations  for  this  deal  were  exceedingly  complex,  yet 
the  chairman  of  our  committee  persuaded  us  to  accept  a  dia¬ 
bolically  simple  constraint.  Any  public  pronouncement,  deci¬ 
sion  or  action  we  took  would  have  to  be  agreed  upon 
unanimously.  If  we  couldn’t  reach  a  consensus,  we  wouldn’t 
proceed.  Period.  We  were  all  in  it  together. 

The  resulting  experience  was  electrifying.  Each  of  us  had 
the  explicit  ability  to  delay,  stalemate  or  kill  any  idea  or  ini¬ 
tiative.  That’s  power.  At  the  same  time,  we  knew  that  any  idea 
or  initiative  we  suggested  required  unanimous  consent.  As  a 
naturally  contentious  guy,  I  feared  we’d  all  be  a  bit  too  willing 
to  compromise  in  the  name  of  comity.  Not  only  was  I  wrong, 
I  wasn’t  even  the  most  contentious. 

We  had  knock-down,  drag-out  arguments  where  the  deci¬ 
bels  leaped.  We  fought  over  precise  wording  and  imprecise 
spreadsheet  calculations.  We  made  our  lawyers  and  invest¬ 
ment  bankers— who  were  exceptionally  well-compensated— 
earn  their  pay  with  constant  requests  for  data  and 
interpretations  to  resolve  our  internal  disagreements.  There 
was  absolutely  no  polite  desire  for  early  consensus. 

At  no  time,  however,  did  any  of  us  exercise  our  veto  power— 
not  once!  I  can’t  even  recall  an  implied  threat  to  do  so.  The 
fact  that  any  one  of  us  could  stop  any  proposal  dead  in  its 
tracks  liberated  conversation  rather  than  constrained  it.  We 
absolutely  knew  we’d  take  each  other’s  comments  and  con¬ 
cerns  seriously.  We  listened  to  each  other  so  closely  and  care¬ 
fully  that  potential  “deal-breaker”  conflicts  never  hit  the  point 
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because  your  executives  only”^ 

care  about  ONE  ANSWER  ” 

-the  right  one. 


Now  you  can  deliver  the  data  consistency  your  organization  demands. 

Cognos  8  Business  Intelligence  is  the  only  solution  with  the  advanced  architecture  that 
guarantees  a  consistent,  comprehensive  view  of  information  across  your  enterprise. 

It’s  a  single  product  with  all  BI  capabilities  —  reporting,  analysis,  dashboarding  and  scorecarding. 
With  a  single  query  engine  and  centralized  metadata  layer  that  guarantee  data  consistency. 

And  a  single  web-services  based  SOA  that  seamlessly  integrates  into  your  environment. 

All  of  which  means  that  when  your  executives  ask  questions,  they  get  consistent  answers. 

Visit  www.cognos.com/oneanswer  today. 


Copyright  ©  2006  Cognos  Incorporated.  All  rights  reserved. 


THE  NEXT  LEVEL  OF  PERFORMANCE"” 


Fn  Michael  Schrage 


IT'S  ALL  ABOUT  THE  EXECUTION 


of  no  return.  Any  decision  made  was  owned  by  all  of  us.  No 
weaseling;  no  waffling.  Us. 

The  result?  We  successfully  struck  a  deal  that  made  the 
shareholders  reasonably  happy  and  the  independent  direc¬ 
tors  impressed  with  each  other’s  diligence.  Our  chairman 
clearly  knew  what  he  was  doing. 

That  story  often  comes  to  mind  when  I  hear  the  frustra¬ 
tions  of  IT  governance  and  IT  project  steering  committees 
designed  to  better  align  budgets,  schedules,  requirements  and 
priorities.  We  can  talk  all  we  want  about  the  strategic  objectives 
of  the  business  and  the  “partnerships”  that  these  committees 
supposedly  oversee.  But  the  simple  truth  is  that  steering  com¬ 
mittees  aren’t  about  leadership  or  management;  they’re  about 
accountability.  Strategic  direction  and  the  ongoing  pursuit  of 
operational  excellence  mean  nothing  without  accountability. 

When  the  special  committee  chairman  got  us  to  commit  to 
unanimity  as  our  metric,  he  effectively  guaranteed  individual 
and  institutional  accountability.  In  essence,  he  made  us 
accountable  to  each  other  so  we  would  effectively  become  more 
accountable  to  the  shareholders  we  represented.  That’s  genius. 
Billions  of  dollars  and  the  threat  of  litigation  were  at  stake. 
Yet  with  this  simple  mechanism,  we  were  able  to  negotiate  a 
deal  that  was  fair  to  all  sides. 


A  Betrayal  of  Trust 

When  I  look  at  steering  committees  in  many  organizations, 
however,  I  see  mechanisms  for  strategic  direction,  risk-sharing 
and  alignment  more  than  I  see  a  bid  for  accountability.  Indeed, 
those  steering  committees  often  seem  to  be  mechanisms  for 
holding  others  accountable— project  leaders,  procurement 
teams  and  so  on— rather  than  themselves.  The  notion  that  IT 
steering  committees  can  operate  more  like  a  bureaucratic  tool 
to  evade  accountability  than  to  own  it  appalls  me.  It  is  a  betrayal 
of  trust  and  an  abdication,  not  a  delegation,  of  leadership. 

So  I  have  to  ask:  Do  you,  as  a  CIO,  serve  on  steering  com¬ 
mittees  where  strategic  decisions  and  multimillion-dollar  com¬ 
mitments  can  be  made  with  individual  recusals  and  dissents? 
Is  the  committee  as  a  whole  held  accountable  for  its  priorities 
and  choices?  Or  is  the  aspirational  whole  less  than  the  sum  of 
its  political  parts? 

Similarly,  do  you  as  a  CIO  oversee  IT/business  project  steering 
committees  where  unanimity  and  consensus  are  as  elusive  as  uni¬ 
corns?  Have  you  ever  insisted  that  these  committees  stand  by  their 
budgets,  schedules  and  deliverables  as  a  unit?  Let’s  be  honest: 
Much  of  the  problem  is  that  accountability  has  become  a  fancier 

word  for  blame.  We  all  say  we 
want  accountability,  but  who 
wants  to  be  blamed?  (I  am  con¬ 
stantly  surprised  by  the  Enron- 
like  denials  of  accountability  on 
the  part  of  top  executives.)  Yet  we 
need  to  encourage  individual  and 


Share  Your  Opinion 


Have  you  pushed  your  steering  com¬ 
mittees  to  be  more  accountable? 

Tell  us  how  by  going  to  this  column 
online  at  www.cio. com/051506. 

cio.com 


group  initiative  even  as  our  processes,  apps  and  systems  become 
more  cross-functional  and  interdependent. 

Frankly,  CIOs  who  claim  that  partnership  with  the  business 
units  is  the  way  to  go  must  muster  the  courage  to  acknowledge 
reality.  They  need  to  insist  that  steering  committees  ostensibly 
designed  to  promote  strategic  alignment  and  other  such  feel- 
goodies  be  retooled  around  accountability.  Steering  committees 
should  be  platforms  for  accountability  before  being  internally 
marketed  as  exercises  in  risk-sharing  and  strategy. 

CIOs  need  to  behave  as 
if  accountability  is  as 
important  for  committees 
as  it  is  for  individuals. 

While  in  Australia  recently,  I  heard  CIO  after  CIO  bemoan¬ 
ing  the  fact  that  when  something  succeeds,  the  business  takes 
the  credit,  and  when  something  fails,  IT  gets  the  blame.  The 
steering  committee  chatter  I  heard  made  it  clear  that  account¬ 
ability  wasn’t  a  serious  factor  in  their  design  or  deployment. 
Consensus?  Unanimity?  Nonsense! 

I  can’t  help  but  believe  that  more  than  a  few  CIOs  would  be 
better  off  if  they  began  insisting  on  unanimity.  More  than  six 
decades  ago,  one  of  America’s  finest  aircraft  designers— Douglas’ 
Edward  Henry  Heinemann— oversaw  the  production  of  a  myr¬ 
iad  of  state-of-the-art  combat  planes.  One  of  his  key  managerial 
rules  was  that  changes  had  to  be  made  by  consensus.  This  built 
both  esprit  and  better  integrated,  high-performance  aircraft. 

The  wonderful  paradox  is  that  leading  by  consensus  may  be 
the  surest  way  of  generating  the  kind  of  arguments  and  candid 
discussion  that  guarantee  a  productive  collaboration  between 
IT  and  the  business.  The  power  of  the  veto  may  be  the  best 
guarantor  of  it  never  (or  seldom)  being  used. 

But  the  most  important  issue  here  is  that  CIOs  need  to  behave 
as  if  accountability  is  as  important  for  committees  as  it  is  for  indi¬ 
viduals.  They  need  to  behave  as  if  consensus  is  not  the  byproduct 
of  least-common-denominator  compromises  but  the  result  of 
smart  people  successfully  collaborating  within  constraints.  At 
the  risk  of  going  meta,  CIOs  need  to  accept  that  they  should  be  held 
accountable  for  how  they  hold  their  people  accountable.  Some¬ 
times  the  best  way  of  making  people  more  accountable  to  you  and 
to  themselves  is  to  insist  they  become  more  accountable  to  each 
other.  Is  that  idealistic?  Perhaps.  But  as  one  looks  at  the  future  of 
IT  governance  and  project  management,  it  increasingly  seems  the 
most  pragmatic  way  to  go.  Pmi 


Michael  Schrage  is  codirector  of  the  MIT  Media 
Lab’s  eMarkets  Initiative.  He  can  be  reached  at 
schrage@meclia.mit.edu.  Please  send  comments  to 
letters@cio.com. 
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Think  it's  time  for  server  optimization? 

(Or  are  you  okay  with  the  way  things  are  now?) 


Be  kin  Titan  17  LCD  Rack  Conso  e  with  1X8  KVM  Switch 


•  Enables  secure  and  compact  centralized  server  control  (for  up  to  8  servers) 

•  Features  OmniView  Quad-Bus  1X8  KVM  Switch  with  Micro-Cabling 

•  Cross-platform  support  for  PS/2  or  USB  servers 

•  Dual-glide  rail  system  allows  the  LCD  panel  to  remain  displayed  even 
with  the  server-rack  door  closed,  enabling  constant  server  monitoring 

•  Offers  advanced  features  such  as  a  key-locking  mechanism  to  prevent 
unauthorized  access 

•  Belkin  Dual-Port  Micro-Cables  are  sold  separately  and  are  required  to 
connect  the  built-in  KVM  switch  to  servers 
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BELKIN. 


Belkin  Titan  17"  LCD  Rack  Console 

•  Works  with  any  server  or  KVM  switch 

•  Enables  secure  and  compact  centralized 
server  control 

•  2-year  warranty 

$1892.99  CDW  910758 
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The  Server  Solutions  You  Need  When  You  Need  Them. 

Is  managing  your  growing  number  of  servers  and  your  growing  storage  needs  getting  to 
be  too  much?  Then  server  optimization  may  be  just  the  answer.  From  server  consolidation 
to  storage  management,  networking  to  virtualization,  CDW  can  answer  your  questions 
and  get  you  the  solutions  you  need.  So  call  CDW  today.  It's  time  you  ran  your  network, 
not  the  other  way  around. 

Offer  subject  to  CDW's  standard  terms  and  conditions  of  sale,  available  at  CDW.com,  ©  2006  CDW  Corporation 


The  Right  Technology.  Right  Away.™ 

CDW.com  •  800.399.4CDW 

In  Canada,  call  888.898.CDWC  •  CDW.ca 
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I  The  New  Glass  Ceiling 

As  one  veteran  CIO  discovered,  finding  the  next  opportunity  is  not  so  easy  when 
you’reoverSO  by  sheleen  quish 


How’s  business?  What  have  you  been  up  to  lately? 

Simple  questions,  and  for  all  35  years  of  my  pro¬ 
fessional  life,  they  have  been  easy  to  answer. 
Indeed,  the  challenge  was  making  sure  I  didn’t 
dominate  the  conversation  with  the  excitement,  changes,  pro¬ 
motions,  projects  and  successes  over  the  years!  I  love  chal¬ 
lenges.  I  love  problems.  I  love  turnarounds.  Let  me  at  at  ’em! 

That  was  certainly  my  attitude  when  I  joined  a  global  man¬ 
ufacturing  firm  in  2000.  Yes,  it  was  the  smallest  shop  I  had 
managed,  but  it  didn’t  matter  because  of  all  the  interesting 
opportunities:  reengineering  the  infrastructure,  implement¬ 
ing  best-of-breed  applications  that  had  been  purchased  but 
mothballed,  and  repositioning  IT  from  a  cost  center  to  a  com¬ 
petitive  advantage.  It  was  an  exciting  time. 

Losing  My  Endorsement 

Fast-forward  to  the  fall  of  2005.  The  infrastructure  engi¬ 
neering  was  complete,  the  European  IT  functions  had  been 
centralized  and  then  decentralized,  and  the  applications  had 
been  implemented.  In  addition,  the  company  was  going 
through  a  major  management  transition.  But  it  was  not 
unusual  by  any  corporate  standards  and  I  had  already  sur¬ 
vived  three  CEOs  and  two  CFOs.  I  certainly  expected  to  con¬ 
tinue  that  track  record.  However,  that  was  not  to  happen  this 
time;  the  “chemistry”  that  bonds  executives  just  wasn’t  there. 
Some  people  refer  to  this  as  “losing  your  endorsement,”  and 
that  is  a  pretty  good  description.  If  I  had  been  a  major  league 
athlete,  I  would  have  been  traded  to  another  team  for  some 
cash  and  some  new  talent.  And  that’s  OK  too,  because  in  my 
experience,  there  was  always  another  great  opportunity 
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around  the  corner.  The  transition  out  of  the  company  was 
graceful  and  dignified  with  the  assistance  of  an  excellent  HR 
VR I  still  have  the  personal  farewell  note  from  the  CEO  pinned 
to  my  home  office  bulletin  board. 

A  New  Glass  Ceiling 

Anticipating  changes  in  the  air,  I  had  begun  letting  people 
know  I  was  back  “on  the  market”  in  mid-2005,  confident  that 
I  would  be  recruited  into  another  great  opportunity  in  just  a 
few  months.  And  it  started  out  just  like  the  old  days:  inter¬ 
views  with  executive  search  firms,  and  the  follow-up  inter¬ 
views  with  key  people  at  some  very  interesting  companies. 
You  know  the  drill.  I  had  been  down  this  path  before  and  felt 
totally  confident  when  I  was  told  I  was  in  the  top  two.  Then  I 
found  out  that  the  other  candidate  was  selected.  Hmmm,  this 
was  a  new  phenomenon  for  me. 

Perhaps,  I  reasoned,  the  other  candidate  had  specific  supply 
chain  functional  responsibility  in  addition  to  IT,  or  perhaps  my 
qualifications  were  more  extensive  than  the  company  wanted. 
But  now  that  a  few  more  months  have  gone  by  and  this  pattern 


it.  Age  is  the  most  irrefutable  thing  in  our  lives. 

How  ironic:  At  this  point  in  my  life,  I  am  enjoying  more 
things  than  ever.  Now  that  my  kids  are  grown  I  have  time  to 
pursue  new  interests— bicycling,  skiing,  traveling,  buying  that 
cute  convertible.  I  have  never  been  more  alive!  Most  people 
think  I  am  in  my  40s.  So  how  do  interviewers  find  out  my 
real  age?  Perhaps  it’s  those  subtle  little  questions  they  ask  so 
innocently  when  you  are  in  the  interview  process  such  as, 
“Are  your  children  in  school?”  Attention  all  baby  boomers: 
Just  say  yes  and  then  change  the  subject.  I  figured  out  that 
answering  the  question  the  way  I  did— “Yes,  and  now  they  are 
starting  their  own  careers”— was  a  huge  mistake.  That’s  when 
the  wheels  fell  off,  so  to  speak. 

The  next  thing  I  looked  at  was  whether  this  was  just  my 
experience  or  was  it  happening  to  others  as  well.  Very  inter¬ 
esting  findings  surfaced  here:  First  of  all,  there  are  a  huge 
number  of  former  IT  management  personnel  who  are  “in  tran¬ 
sition.”  The  one  thing  we  all  have  in  common  is  that  we  are  over 
SO.  From  discussions  at  various  meetings  and  over  coffee  in 
one-on-one  chats,  it  is  clear  that  we  are  all  in  the  same  boat.  Yet 
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I  have  discovered  that  my  difficulty  finding  another  CIO  job 
is  not  about  skills^  industry  experience  or  past  functional 
responsibilities.  It  is  about  age. 


is  repeating  itself,  I  realize  that  something  really  has  changed 
in  the  marketplace.  I  was  one  of  the  first  CIOs  who  moved 
from  the  business  side  to  the  IT  side  in  the  early  ’90s.  I  always 
had  communication  at  the  core  of  my  management  style,  and 
CIO  surveys  say  for  the  fourth  year  in  a  row  that  communica¬ 
tion  continues  to  be  the  most  critical  need  in  IT.  What’s  up? 
What’s  different?  I  am  better  qualified  today  for  the  CIO  role 
than  at  any  other  point  in  my  career.  I  have  the  experience, 
the  energy  and  the  drive  to  do  an  outstanding  job. 

My  natural  analytical  tendencies  kicked  in,  and  I  started  to 
dissect  each  of  my  job  encounters  to  see  what  I  could  uncover. 
When  I  didn’t  get  the  job,  who  did?  What  qualifications  did  the 
other  candidates  have  that  I  didn’t?  I  figured  once  I  under¬ 
stood  the  playing  field  better  I  could  fix  the  problem.  Right? 
After  all,  I  have  built  a  career  on  fixing  things. 

This  is  what  I  discovered:  It  is  not  about  the  skills  or  quali¬ 
fications.  It  is  not  about  industry  experience  or  being  overqual¬ 
ified.  It  is  about  age. 

Attention  Baby  Boomers 

To  me  this  is  the  ultimate  kick  in  the  head.  As  a  career  woman 
who  has  worked  very  hard  since  the  1970s  to  achieve  credibility 
in  the  business  world,  who  broke  through  the  glass  ceiling  in 
business  operations  and  then  did  it  again  in  IT,  I  hate  to  think 
that  age  is  the  issue,  because  there  is  nothing  I  can  do  to  change 


our  colleagues  who  are  over  SO  and  still  working  do  not  seem 
to  be  aware  that  this  phenomenon  is  happening.  My  message 
to  you  is:  Stay  at  your  current  employer  as  long  as  possible 
because  once  you  leave  there  is  nowhere  to  go. 

What  a  colossal  waste.  Companies  are  losing  the  advantage 
of  great  workers  with  great  experience,  great  energy  and  in  my 
case  seven  to  10  more  years  of  meaningful  contributions. 

CIO-at-Large 

The  third  thing  I  have  discovered  is  I  have  a  choice:  I  can 
remain  frustrated  or  get  a  new  perspective.  I  choose  a  new 
perspective,  and  I  do  so  every  day.  I  started  by  creating  a 
business  card  for  myself  with  a  new  title:  “CIO-at-Large.” 
Most  IT  professionals  searching  for  the  next  opportunity 
introduce  themselves  as  “so  and  so,  in  transition.”  That  just 
didn’t  sit  well  with  me  so  I  decided  to  describe  myself  with 
something  that  energizes  me.  This  has  opened  up  lively  dis¬ 
cussions  about  what  I  can  do  in  the  marketplace  now,  not 
what  I  used  to  do. 

I  am  very  busy  these  days,  attending  open  forums,  IT  infor¬ 
mation  exchanges,  breakfasts  and  special  interest  group  dis¬ 
cussions.  I  have  been  facilitating  meetings,  joining  advisory 
boards,  leading  panel  discussions  and  providing  a  lot  of  free 
coaching  to  colleagues  over  the  past  few  months.  There  are 
days  when  I  don’t  know  how  I  managed  to  have  time  for  a  60- 
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I  am  working  with  an  executive 
life  coach  who  is  helping  me  identify 
what  my  personal  mission  is  all  about 


It  is  a  lot  more  comprehensive 
than  a  job  and  a  title. 

hour-plus  workweek. 

Recently  new  opportunities  have  presented  themselves.  I 
interviewed  with  two  outstanding  companies  and  I  could  enjoy 
the  role  offered  in  either  of  them.  One  would  require  relocation 
and  I  am  open  to  that  as  well.  We  will  see  what  develops. 

What  Is  My  Life  Mission? 

The  more  important  question  is:  What  do  I  really  want  to  do 
when  I  grow  up?  I  have  reached  a  point  in  my  life  where  I  get 
to  answer  that  question  all  over  again.  That  is  a  bit  unnerving. 
Fortunately,  I  am  working  with  an  executive  life  coach  who  is 
helping  me  identify  what  my  personal  mission  is  all  about.  It 


is  a  lot  more  comprehensive  than  a  job 
and  a  title.  The  pursuit  of  identifying 
what  would  make  me  feel  happy  and  sat¬ 
isfied  is  one  that  is  long  overdue.  Inter¬ 
estingly  enough,  this  search  and  the 
networking  activities  I  engage  in  are 
moving  me  toward  consulting  opportu¬ 
nities.  I  enjoy  a  great  sense  of  accom¬ 
plishment  when  I  can  help  other  IT 
professionals  achieve  more  success. 

My  coach  says  that  “Life  is  a  never-ending  series  of  temporary 
events.”  This  statement  resonates  with  me  and  I  fully  expect  that 
this  evolution  of  my  life  and  career  will  continue.  I  can’t  wait  to 
see  what  the  next  “temporary  event”  will  bring.  QEl 


Sheleen  Quish  is  the  former  CIO  of  a  global  manu¬ 
facturing  company  based  in  Chicago,  and  she  is 
currently  a  CIO-at-Large.  You  can  contact  her  at 
sheleenquish@aol.com.  Please  send  your  comments 
to  Managing  Editor  David  Rosenbaum  at  drosen 
baum@cio.com. 
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Microsoft' 


When  a  major  manufacturer  expanded  its  operations  to 
China,  its  IT  solution  facilitated  communications.  Now, 
employees  make  timely  orders  with  global  vendors.  People 
share  information  instead  of  searching  for  it.  And  distant 
offices  feel  like  next-door  neighbors. 

The  net  result  is  a  faster  decision-making  process  that 
saves  the  company  up  to  $400,000  annually.  When  you 
give  your  people  the  right  tools,  success  is  inevitable. 

See  the  full  details  of  this  case  study  at 

microsoft.  com/peopleready 
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AN  INTERNAL  DATA  BREACH  CAN  DEVASTATE  A  COMPANY'S  STOCK. 
AND  YOU  THINK  YOUR  MORNING  COFFEE  ROUTINE  IS  STRESSFUL. 

Think  your  morning  is  stressful?  Imagine  waking  up  to  news  that  your  company's  stock  has  plummeted. 
That's  exactly  what  you  can  expect  if  it  gets  hit  with  a  data  breach.  Corporate  valuations  could  tumble. 

So  could  careers.  That's  why  there's  EpiForce™  from  Apani  Networks™.  It's  built  from  the  ground  up  to 
secure  your  enterprise  from  the  inside.  On  top  of  that,  it's  highly  scalable  and  creates  continuous, 
easy-to-access  audit  trails.  Which  should  make  for  a  better  start  to  your  day. 


To  learn  more  about  securing  inside  the  network  perimeter,  get  a  free  copy  of  "The  Definitive  Guide  to  Security  Inside 
the  Perimeter"  from  Realtimepublishers,  sponsored  by  Apani  Networks.  Go  to  www.apani.com/cioguide 
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The  CEO  of  the 
Chicago  Mercantile 
Exchange  explains 
why  he  wants  IT 
to  be  innovating 
constantly 

BY  MERIDITH 
LEVINSON 


CEO  CRAIG  DONOHUE  WANTS  THE  CHICAGO  MERCANTILE 

Exchange  (CME)  to  be  the  fairest,  fastest,  most  reliable  and  most  liquid 
exchange  for  trading  options  and  futures.  He  envisions  it  as  a  place  where  buy¬ 
ers  and  sellers  can  interact  whether  they’re  individual  or  institutional 
investors,  and  regardless  of  their  credit  profile.  He  also  wants  the  exchange  to 
provide  superior  clearing,  settlement  and  risk  management  capabilities  for  its 
customers,  who  rely  on  its  systems  every 
day  to  trade  an  average  of  $2.5  tril¬ 
lion  worth  of  contracts  for  futures 
and  options  on  currencies,  com¬ 
modities,  interest  rates,  equity 
products  and  even  the  weather. 

“We  want  to  be  the  market 
leader  in  terms  of  using  tech¬ 
nology  to  become  faster,  more 
robust,  and  to  improve  our 
functionality  and  customer 
service,”  says  Donohue. 

To  transform  Donohue’s 
vision  into  reality,  the  CME 
has  developed  software 
programs  to  increase  trad¬ 
ing  activity  in  financial 
markets,  to  protect  securi- 


Chicago 

Mercantile 

Exchange 

Headquarters 

Chicago 

Primary  business 

Options  and 
futures  trading 

2005  revenue 

$921  million 

Employees  1,300 
CIO  J  im  Krause 

IT  employees  550 

2005  IT  capital 
expenditures 

$88  million 


Craig  Donohue,  CEO  of  the  Chicago  Mercantile 
Exchange,  says  technology  innovation  has  had  a  direct 
impact  on  the  exchange's  ability  to  grow. 
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ties  dealers  from  financial  risk,  and  to 
enable  new  services,  such  as  trading 
options  electronically.  Over  the  years,  the 
CME  has  also  invested  hundreds  of  mil¬ 
lions  of  dollars  in  IT  to  increase  the  speed, 
flexibility  and  reliability  of  Globex,  the 
groundbreaking  platform  for  electronic 
futures  trading  that  it  launched  in  1992. 

Those  IT  investments  have  put  the  CME 
on  a  steady  path  toward  achieving  Dono¬ 
hue’s  goals.  The  CME  is  known  in  the  indus¬ 
try  as  the  “Avis”  of  financial  exchanges— the 

marketplace  that  tries 
harder  to  develop  and 
deliver  the  products 
and  services  that  its 
customers  want.  “The 
CME  has  always  been 
viewed  as  the  hun¬ 
grier,  more  innovative,  more  progressive 
and  generally  more  customer-friendly 
exchange  compared  to  the  other  derivatives 
exchanges,”  says  Michael  Corham,  director 
of  the  Illinois  Institute  of  Technology’s  Cen¬ 
ter  for  Financial  Markets,  who  worked  for 
the  CME  for  18  years. 

Today,  the  CME,  which  was  founded  in 
1898  as  the  Chicago  Butter  and  Egg  Board,  is 
one  of  the  world’s  largest  financial  exchanges, 
second  only  to  the  Eurex  in  Frankfurt,  Ger¬ 
many,  in  the  number  of  contracts  traded 
annually.  In  2005,  the  CME  traded  more 
than  1  billion  contracts  while  the  Eurex 
exceeded  1.2  billion,  but  the  CME  is  catch¬ 
ing  up:  It  grew  by  34  percent  last  year  com¬ 
pared  with  the  Eurex,  which  grew  by 
18  percent.  The  CME’s  trading  volume  has 
skyrocketed  almost  500  percent  since  2000. 

Technology  propels  the  CME’s  growth. 
Almost  every  major  technology  upgrade 
has  increased  trading  activity.  And  the 
more  trades  the  CME  can  match  between 


buyers  and  sellers,  the  more  money  it 
makes.  Donohue  understands  that  if  the 
CME’s  systems  sputter  or  don’t  offer  the 
functionality  customers  need  to  execute 
certain  trading  strategies,  those  traders  will 
find  another  exchange.  To  satisfy  his  cus¬ 
tomers,  he  has  authorized  tens  of  millions 
of  dollars’  worth  of  IT  spending  during  his 
two-and-a-half-year  tenure  as  CEO.  In  2005 
alone,  the  CME  spent  close  to  $58  million  to 
maintain  its  hardware,  software  and  com¬ 
munications  infrastructure.  “The  vast 


majority  of  our  expenses  and  capital 
investments  relate  to  technology.  We  view 
ourselves  as  a  technology  company  because 
technology  is  the  main  way  we  distribute 
our  products,”  says  Donohue,  who  joined 
the  CME  as  an  attorney  in  1989.  He  and  CIO 
Jim  Krause  both  rose  through  the  ranks  of 
the  exchange  and  have  worked  together  on 
every  major  technology  initiative— from  the 
development  of  Globex  to  the  creation  of 
software  to  facilitate  trading  options  elec¬ 
tronically,  and  everything  in  between. 

Donohue  spoke  with  Senior  Writer 
Meridith  Levinson  about  technology’s  role 
at  the  CME,  his  expectations  of  IT,  the 
CME’s  investment  in  IT  and  his  relation¬ 
ship  with  his  CIO. 

CIO:  Describe  the  extent  to  which 
your  company  relies  on  technology 
to  operate. 

Craig  Donohue:  We  operate  24  hours  a 
day,  so  we  have  to  have  very  reliable  infra¬ 
structure  and  platforms.  We  also  need 
extraordinary  capacity  because  markets 
can  become  very  volatile,  and  when  they 
do,  trading  activity  spikes.  Our  system  has 
to  be  able  to  handle  each  message,  order 
and  trade.  We  process  trades  in  less  than 
two-tenths  of  a  second.  We  rely  on  technol¬ 


ogy  to  provide  us  with  the  speed,  reliability 
and  capacity  to  serve  our  customers,  who 
are  primarily  major  banks,  hedge  fund 
managers  and  pension  funds  who  traded 
$638  trillion  worth  of  financial  instru¬ 
ments  through  our  systems.  This  is  not  like 
shopping  for  books  online. 

Given  the  CME’s  profound  reliance  on 
technology  to  operate,  what  do  you 
expect  from  IT? 

IT  needs  to  contribute  to  our  overall  finan¬ 
cial  performance.  In  the  last  eight  years, 
we’ve  invested  more  than  $1  billion  in  tech¬ 
nology.  We’re  a  $14  billion  company,  so 
that’s  a  significant  investment.  Our  [IT] 
spending  has  the  ability  to  very  dramati¬ 
cally  affect  our  financial  performance. 

IT  also  needs  to  be  customer-focused. 
Technology  has  become  much  more  cus¬ 
tomer-facing  for  us.  I  can  no  longer  send 
marketing  people  who  have  tremendous 
financial  product  or  market  knowledge  but 
no  understanding  of  technology  to  meet 
customers  because  our  customers  also 
want  to  discuss  the  technology,  the  inter¬ 
face  and  their  concerns  about  speed  and 
functionality.  So  we  send  technology  peo¬ 
ple  out  with  our  marketing  people  to  meet 
customers.  They’ve  become  a  critical  part 
of  our  marketing  effort.  These  meetings 
give  our  technologists  the  opportunity  to 
get  a  better  understanding  of  what  a  trader 
wants  to  see. 

How  do  you  measure  IT’s  contribution 
to  your  bottom  line? 

It’s  relatively  easy.  There’s  a  direct  correlation 
between  infrastructure  improvements,  such 
as  enhancing  speed  or  expanding  distribu¬ 
tion  capabilities,  or  new  technology-driven 
functionality  and  growth  in  our  business. 
Of  course,  improvements  in  our  marketing 
capabilities  and  things  we’ve  done  strategi¬ 
cally  with  pricing  have  also  contributed  to 
growth,  but  there  is  no  doubt  that  the  tech¬ 
nology  innovation  that  has  occurred  over  the 
last  five  years  has  been  a  direct  cause  of  much 
of  the  growth  we’ve  seen. 

For  example,  about  two  years  ago,  we 
undertook  a  substantial  commitment  to 
making  changes  in  the  way  we  process  data. 
We  engaged  in  an  extensive  fine-tuning  of 
systems  and  programs  to  dramatically 


“IT  needs  to  contribute  to  our  overall 
financial  performance.  In  the  last 
eight  years,  weVe  invested  more 
than  $1  billion  in  technology.” 

-Craig  Donohue 
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World’s  smallest, 
most  compact  TabletP 

Motion  Computing's  LS800  Tablet  PC  is  a  true  breakthrough  in  size  and 
performance.  Weighing  only  2.2  pounds  and  about  the  size  of  a 
paperback,  the  powerful  LS800  features  Intel®  Centrino® 

Mobile  Technology  for  exceptional  mobile  performance 
and  productivity.  Experience  the  versatility  and  mobility 
of  the  Motion  LS800  pre-installed  with  Microsoft® 

Windows®  XP  Tablet  PC  Edition  2005.  Don't  let  its 
small  size  fool  you,  the  LS800  Tablet  PC  gives 
you  all  the  advantages  of  a  full-strength 
operating  system  and  is  tough  enough 
to  go  just  about  anywhere. 


The  Motion™  LS800  is  the  first  to  give  you  full  desktop 
functionality  in  an  ultra-mobile  slate  Tablet  PC  - 
it's  the  only  PC  you'll  need. 


Motion  recommends 

Microsoft®  Windows®  XP  Tablet  PC  Edition. 


The  LS800  Tablet  PC’s  unique  size 
and  remarkable  power  delivers 
outstanding  mobile  performance 
and  productivity  with  Intel® 

Centrino®  Mobile  Technology. 


©  2006  Motion  Computing,  Inc.  All  rights  reserved.  All  product  information  is  subject  to  change  without  notice.  Motion  Computing,  Speak  Anywhere  and  View  Anywhere  are  registered  trademarks  and  Motion  is 
g  trademark  of  Motion  Computing  Inc.  in  the  United  States  and/or  other  countries.  Microsoft  Windows,  Windows  XP  and  Windows  XP  Tablet  PC  Edition  are  either  registered  trademarks  or  trademarks  of  Microsoft 
Corporation  in  the  United  States  and/or  other  countries.  Intel,  Intel  logo.  Intel  Inside,  Intel  Inside  logo,  Intel  Centrino,  Intel  Centrino  logo,  Celeron  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel 
Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  All  other  trademarks  and  registered  trademarks  are  property  of  their  respective  owners. 
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We  want  to  be  the  market  leader  in 
terms  of  using  technology  to  become 
faster,  more  robust,  andlo  improve  our 
functionality  and  customer  service.” 

-Craig  Donohue 


improve  the  speed  of  execution  on  our  CME 
Globex  platform.  [Once  those  infrastruc¬ 
ture  changes  were  implemented,]  we  saw 
the  time  it  took  to  execute  trades  rapidly 
decrease  while  our  trading  volume  and 
message  traffic  just  about  quintupled. 
Increasing  our  speed  and  capacity  so  dra¬ 
matically  had  a  huge  and  profound  effect  on 
our  growth.  It  also  enabled  us  to  keep  up 
with  the  growth  in  orders  coming  into  the 
system.  Today,  we  handle  more  than  8,000 
transactions  every  second  with  an  average 
response  time  around  40  milliseconds. 
Two  years  ago,  we  handled  1,000  transac¬ 
tions  per  second  at  an  average  response 
time  of  140  milliseconds.  This  increase  in 
transaction  capability  helps  our  customers 
better  manage  their  positions  in  the  mar¬ 
ketplace  and  better  manage  their  risk  port¬ 
folio,  both  of  which  are  critical  to  them. 

IT  clearly  plays  a  critical  role  in  the 
CME's  day-to-day  operations.  How  is 
it  helping  you  achieve  larger  strategic 
objectives? 

Bringing  electronic  trading  functionality 
to  our  options  markets  is  a  top  strategic  pri¬ 
ority.  We  have  to  replicate  the  functionality 
that  traders  use  to  buy  and  sell  options  in 
the  open  outcry  environment,  or  the  call- 
around  market,  with  computer  systems. 
Close  to  86  percent  of  our  futures  products 
trade  electronically.  Our  options  products 
trade  almost  entirely  on  the  floor.  Today, 
8  percent  of  our  options  trade  electroni¬ 
cally,  up  from  3  percent  a  year. 

Options  contracts  are  not  quoted  in  the 
same  way  as  futures.  There’s  50,000  or 
60,000  different  combinations  of  options 
across  different  strike  prices  and  maturities 
that  can  be  traded,  which  potentially  makes 
electronic  options  less  liquid.  So  if,  for 
example,  there’s  a  significant  earnings  dis¬ 
appointment  in  the  equity  market  on  the 
New  York  Stock  Exchange  that  causes  the 
whole  market  to  tumble,  your  risk  as  an 


options  trader  is 
enormous.  You  need 
functionality  that 
allows  you  to  cancel 
all  your  quotes 
immediately  and 
simultaneously.  So 
the  technology  enabling  the  electronic  trad¬ 
ing  of  options  has  to  be  more  sophisticated 
and  complex.  It’s  been  a  big,  multiyear 
effort  for  us,  and  one  that  will  continue  for 
the  next  several  years. 

You  and  CIO  Jim  Krause  have  worked 
together  during  the  past  17  years.  How 
has  your  relationship  evolved? 

We  did  sort  of  grow  up  together,  although 
he’s  a  lot  older  than  me.  [He  laughs.]  It’s  a 
funny  thing:  Jim  is  known  for  having  a 
crusty  demeanor.  He  had  a  pretty  senior 
role  in  technology  when  I  joined  as  a  junior 
attorney.  In  the  very  beginning,  my  role  was 
to  support  Jim’s  activities  and  to  provide 
[legal]  services  to  Jim.  To  be  honest,  I  was 
scared  to  death  of  him  because  he’s  very 
smart  and  not  necessarily  warm  and  cuddly. 
I  quickly  developed  a  huge  amount  of 
respect  for  him.  I’d  like  to  think  that  I  earned 
his  respect  in  my  capacity  [as  an  attorney]. 

Jim  is  an  extraordinarily  unique  CIO 
because  he  has  evolved  with  our  organiza¬ 
tion.  It’s  rare  to  have  a  CIO  who  knows  the 
business  in  the  way  that  he  does.  Jim  built 
everything  we  operate:  our  clearing  sys¬ 
tem,  our  Globex  system,  our  distribution 
system  and  our  market  data  system.  He’s 
done  it  all.  That’s  not  common  in  most  large 
technology  organizations  where  you  typi¬ 
cally  have  an  enterprisewide  CIO  with 


Listen  In 


To  hear  more  of  Senior  Writer  Meridith 
Levinson’s  interview  with  CRAIG  DONOHUE, 
go  to  www.cio.com/podcasts  and  download 
the  podcast. 
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tremendous  depth  in  one  area  and  not  a  lot 
of  breadth  in  another. 

If  anything  has  changed,  I  think  it’s  just 
that  I’ve  increasingly  taken  on  a  very  dif¬ 
ferent  role  here  over  the  years.  Our  rela¬ 
tionship  has  become  more  a  partnership  of 
equals.  Jim  is  an  equal  because  he’s  helping 
devise  the  business  environment  that  makes 
the  CME  successful  and  profitable.  He  pro¬ 
vides  solutions  that  directly  impact  the  cus¬ 
tomer  and  whether  or  not  we  make  money. 

Describe  the  reporting  relationship 
between  you  and  Jim  Krause. 

I  don’t  deal  with  Jim  directly  on  the  opera¬ 
tional  side.  The  president  and  chief  operat¬ 
ing  officer,  Phupinder  Gill,  does  that.  I  spend 
a  lot  of  my  time  as  CEO  of  a  public  company 
traveling  and  meeting  with  institutional 
shareholders  and  analysts,  and  I  spend  time 
with  customers  and  regulators.  So  it  is  not 
possible  for  me  to  stay  on  top  of  the  day-to- 
day  issues.  But  on  the  larger  strategic  issues 
of  acquiring,  licensing  or  developing  tech¬ 
nology,  and  creating  flexibility  for  the  com¬ 
pany  with  respect  to  our  ownership  or 
control  of  technology,  Jim  and  I  have  done  all 
of  that  together  over  the  last  17  or  18  years. 
Culturally,  the  CME  isn’t  a  very  rigid  or  hier¬ 
archical  organization.  Jim  and  I  have  very 
open  lines  of  communication.  If  he  needs  to 
speak  with  me  he  can  reach  me  and  vice 
versa,  whether  that  is  in  person,  over  the 
phone  or  via  e-mail. 

The  Tokyo  Stock  Exchange  came 
under  fire  last  year  for  problems  with 
its  computer  systems.  Is  that  your 
worst  nightmare? 

That  is  my  greatest  fear.  We  are  a  vital  part 
of  the  global  economy.  If  our  systems  are  not 
operable  or  we’ve  got  slowdowns,  errors  or 
malfunctions  causing  problems  in  the  mar¬ 
ket  itself,  that’s  a  huge  concern.  We’ve  strug¬ 
gled  through  those  issues  in  the  past,  and 
we’ve  had  to  build  up  the  reliability  of  our 
systems  and  our  processes.  We  do  extensive 
testing  before  we  implement  new  products 
or  new  trading  models  in  the  production 
environment.  It’s  something  we  have  to  be 
cognizant  of  every  day,  all  day.  QQ 


Senior  Writer  Meridith  Levinson  can  be  reached  at 
mlevinson@cio.com. 
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CONTRARYTO  POPULAR  BELIEF,  i 
THE  REAL  POINT  OF  SERVICE  f 
MANAGEMENT  IS  NOT  TO  OPTIMIZE  I.T 
OPERATIONS  OR  APPLICATIONS. 

THE  REAL  POINT  IS  TO  OPTIMIZE 
I.T.  FOR  YOUR  BUSINESS. 


When  your  I.T.  department  is  focused  on  Service 
Level  Management;  Problem  Management; 
and  Change,  Configuration,  and  Release 
Management-it  can  be  easy  to  lose  track 
of  the  real  reason  for  all  this  work: 

The  health  of  your  business. 

So  the  real  question  is:  Can  you  equip  your 
people  to  focus  on  business  outcomes  instead 
of  I J.  outcomes? 

Now  you  can.  And  we  can  help. 

With  Mercury  BTO  Enterprise™  the  first  software 
and  services  suite  designed  to  help  reduce  the 
time,  costs,  and  risks  to  your  business  outcomes. 

We’d  like  to  prove  it  to  you. 

Please  call  us  at  1-800-837-8911  or  visit 
mercury.com/itil. 

We’ll  help  you  make  very  sure  that  your  I.T. 
department’s  objective  is  the  same  as  your 
business  objective. 


CALL  MERCURY  AND  ASK 
HOW  YOU  CAN  OPTIMIZE  I.T 
FOR  BUSINESS  OUTCOMES. 


MERCURY 


BUSINESS  TECHNOLOGY  OPTIMIZATION 


e  2006  Mercury  Interactive  Corporation.  All  rights  reserved.  Mercury  Interactive,  the  Mercury  logo,  Mercury  and  Mercury  BTO  Enterprise  are  trademarks  of  Mercury 
Interactive  Corporation  and  may  be  registered  in  certain  jurisdictions, 
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Ten  years  after  the 
Clinger-Cohen  Act 

was  passed  to  fix 
federal  IT,  federal  IT 
remains  broken. 
Government  CIOs 
tell  us  why. 

BY  ALLAN  HOLMES 


LAST  DECEMBER  }  about  60  people— mem¬ 
bers  of  the  IT  staff  at  the  U.S.  Transportation  Department 
and  friends— gathered  in  a  large  conference  room  in  the 
agency’s  Washington,  D.C.,  headquarters  to  say  goodbye  to 
Dan  Matthews,  Transportation’s  CIO  for  nearly  three  years. 
Matthews  was  leaving  to  work  for  Lockheed  Martin.  John  Fla¬ 
herty,  chief  of  staff  for  Transportation  Secretary  Norman 
Mineta,  stood  up  to  say  a  few  words  about  Matthews’  accom¬ 
plishments,  pointing  out  that  Matthews  was  always  quick  to 
help  Mineta  when  his  BlackBerry  wasn’t  working. 

Flaherty  wasn’t  kidding. 

A  number  of  people  present  saw  Flaherty’s  comment  as  a 
perfect  illustration  of  why  IT  at  the  federal  level  is  so  troubled. 
Government  CIOs  are  still  seen  as  guys  who  fix  BlackBerrys. 

“Agency  executives  know  that  CIOs  provide  a  vital  resource 
to  organizations— they  just  don’t  know  what  it  is,”  Matthews 
wrote  in  an  e-mail  about  the  incident. 

If  you’re  thinking  there  oughta  be  a  law  against  that  kind  of 
antediluvian  attitude,  there  is.  The  Clinger-Cohen  Act,  passed 
in  a  rare  act  of  bipartisanship  10  years  ago,  outlined  steps  that 
were  designed  to  cast  federal  CIOs  in 
the  role  of  strategists  who  could  help 
agencies  formulate  new  business 
processes  to  streamline  operations, 
improve  the  delivery  of  public  serv¬ 
ices  and  reduce  the  risk  of  system  dis¬ 
asters  that  test  citizens’  faith  in 
government— and,  from  time  to  time, 
put  their  lives  in  danger.  Officially 


Reader  ROI 

::  Why  federal  IT  is 
so  prone  to  failure 

::  The  impact  of 
politics  on  project 
management 

::  How  to  fix  the 
problem 
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Federal  IT 


known  as  the  Information  Technology  Management  Reform  Act  of 
1996  (and  later  renamed  the  Clinger-Cohen  Act  after  Rep.  William 
Clinger  and  Sen.  William  Cohen,  who  pushed  the  legislation  through), 
the  law  demanded  that  federal  agencies  follow  corporate  America’s 
best  practices  for  managing  IT.  Agencies  were  required  to  hire  a  CIO, 
institute  investment  controls  and  establish  performance  goals  and 
metrics  to  measure  progress.  The  law  was  hailed  as  the  tool  that 
would  finally  fix  federal  IT. 

“We  really  thought  we  had  it  nailed,”  says  Paul  Brubaker,  one  of 
the  lead  authors  of  the  law  when  he  worked  as  a  Republican  staff 
director  for  Cohen.  “We  were  going  to  change  the  way  government 
managed  IT  and  in  doing  so,  possibly  change  government.” 

Obviously,  that  hasn’t  happened. 

Roots  of  the  Problem 

Federal  IT  systems  are  still  failing  at  an  alarming  rate  nearly  10 
years  after  Clinger-Cohen  was  signed  into  law  by  President  Clinton. 
For  example,  of  16  IT  projects  in  the  Federal  Aviation  Administra¬ 
tion’s  massive  25-year-old  modernization  program,  13  are  over 
budget,  ranging  from  $1.1  million  to  $1.5  billion,  according  to  the 
Government  Accountability  Office.  The  Army’s  Future  Combat 
System— a  fully  integrated  set  of  networks  to  deliver  real-time  infor¬ 
mation  to  the  battlefield  through  sensors  that  pinpoint  high-tech 
weapons— could  come  in  as  much  as  $130  billion  over  its  original 
2001  budget  estimate  of  $70  billion.  The  Interior  Department’s  IT 
systems  have  proved  so  insecure  that  over  the  past  three  years  a  fed¬ 
eral  judge  has  repeatedly  ordered  the  department  to  shut  down  all 
its  Internet  access.  The  list  goes  on,  with  the  IRS’s  repeated  failures 
to  modernize  and  the  disaster  of  the  FBI’s  virtual  case  file  system 
merely  two  of  the  most  well-publicized  examples. 

In  all,  from  January  2004  through  March  2006,  the  GAO  issued 
98  reports  on  federal  IT  management,  with  almost  every  blue- 
covered  report  finding  serious  management  flaws  that  increased 
the  risk  of  IT  failures. 

The  fundamental  problem  is  that  no  matter  how  talented  the 
CIOs  (and  many  have  been  capable,  proven  executives  who  moved 
to  the  federal  government  after  successful  careers  in  the  private  sec¬ 
tor  with  the  admirable  ambition  of  bringing  their  skills  to  bear  on 
bigger  and  more  socially  significant  problems  than  the  ones  they 
tackled  in  the  corporate  world),  they  have  been  set  up  for  failure 
by  a  political  and  bureaucratic  system  that  has  changed  little  since 
the  Clinger-Cohen  Act  became  law. 

Former  federal  CIOs  say  Clinger-Cohen  was  thoughtfully  con¬ 
structed  and  highly  detailed  but  fell  apart  in  practice.  Lacking 
any  real  enforcement  mechanisms,  its  provisions  called  for  changes 
that  could  easily  be  subverted  or  simply  ignored.  For  example, 
the  centerpiece  of  the  legislation,  creating  a  CIO  position  for  the 
agencies,  quickly  fell  prey  to  political  maneuvering  that  in  many 
cases  left  those  CIOs  with  little  real  influence  over  policy-making, 
where  real  political  power  lies. 

“The  Clinger-Cohen  Act  was  totally  bastardized  to  fit  political 
agendas  in  both  [the  Clinton  and  first  Bush]  administrations,  miss¬ 
ing  the  point  of  making  the  CIO  a  strategic  player  in  an  agency 


The  Clinger-Gohen  Act 

What  It  Is 

Congress  passed  the  Clinger-Cohen  Act  in  1996  to  instill 
private-sector  IT  management  best  practices  in  federal  agencies. 
One  of  the  most  important  provisions  of  the  law  requires  the 
largest  agencies  to  create  a  CIO  position.  The  CIO  was  envisioned 
to  be  a  top-level  executive  who  would  provide  strategic  insight  into 
how  IT  could  help  mold  the  business  processes  used  to  deliver 
public  services.  The  law  also  did  away  with  much  of  the  bureau¬ 
cratic  red  tape  that  agencies  were  required  to  follow  to  purchase 
IT  equipment  and  services,  which  prolonged  many  procurements 
by  years.  The  Clinger-Cohen  Act’s  primary  provisions  are: 

»  Create  a  CIO  position  that  reports  to  the  head  of  the  agency, 

»  Develop  an  IT  capital  planning  and  investment  process. 

»  Set  performance  goals  and  standards  for  IT  systems. 

»  Create  an  enterprise  architecture. 

»  Evaluate  the  skills  of  the  agency’s  IT  staff  and  identify  skill  gaps. 

»  Evaluate  the  IT  skills  of  the  agency’s  executives. 

»  Develop  hiring  and  training  plans  for  the  agency’s  workforce 
to  improve  IT  management. 

Why  It  Failed 

»  Most  federal  CIOs  do  not  report  to  the  head  of  an  agency  and 
few  have  full  authority  over  the  agency’s  IT  budget. 

»  Capital  planning  and  investment  reviews  fail  because  reports 
are  seen  as  paperwork  exercises,  and  the  Office  of  Manage¬ 
ment  and  Budget  does  not  measure  results  or  work  with  agen¬ 
cies  to  fix  specific  weaknesses  in  the  most  high-risk  IT  projects. 

»  Few  agencies  measure  whether  performance  goals  and 
standards  have  been  met  and  are  given  little  guidance  on  how 
to  do  so. 

»  Most  agency  architectures  are  too  technical  and  detailed 
(down  to  the  desktop)  and  do  not  serve  as  a  blueprint  of  an 
agency’s  business  processes,  including  where  systems  need 
to  be  interoperable  and  the  best  way  to  apply  technology. 

»  Lack  of  project  management  skills  is  still  cited  as  one  of  the 
primary  causes  of  project  failures. 

»  Agency  leaders  still  lack  knowledge  of  IT’s  role.  -A.H. 

rather  than  just  the  technology  go-to  guy,”  says  a  frustrated 
Brubaker.  “We  have  the  same  basic  problems  we  did  10  years  ago.” 

To  find  out  what  these  problems  are— and  how  to  address  them 
properly— C70  interviewed  dozens  of  current  and  former  federal 
CIOs  and  government  officials.  We  discovered  four  broad  prob¬ 
lems:  the  CIO’s  lack  of  authority,  specifically  over  budgets;  cultural 
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of  its  operations;  and,  in  some  cases,  impacted  the  morale  of  our 
fighting  forces  that  are  in  harm’s  way.” 

“Ultimately  this  is  a  security  threat,”  says  John  Reece,  a  former 
IRS  CIO  and  now  a  consultant  to  the  federal  government.  “If  we 
can’t  get  beyond  the  legacy  systems  we  have  today,  while  our  ene¬ 
mies  are  starting  off  with  state-of-the-art  technology,  what’s  going 
to  happen  is  they’re  going  to  absolutely  tear  us  to  pieces  again.  I  say 
this  because  I,  and  others  like  me,  give  a  big  damn  about  what 
we’ve  been  trying  to  do,  and  we  would  like  to  see  this  stuff  get 
cleaned  up  before  it’s  too  late.” 


Problem  1: 

The  CIO’s  Lack  of  Authority 

In  the  private  sector,  if  CIOs  don’t  report  to  the  CEO  (or  at  least  sit 
in  on  C-level  meetings),  IT  strategy  will  suffer  or,  at  best,  become  pre¬ 
dominantly  tactical.  The  CIO’s  authority  is  limited,  even  if  his 
accountability  isn’t.  According  to  CIOs  who  have 
tried  to  bring  their  private-sector  experience  to 
government,  at  most  federal  agencies  CIOs  simply 
don’t  have  the  authority,  or  the  access,  to  do  their 
jobs  properly. 

Steve  Cooper,  a  former  CIO  at  technology  com¬ 
pany  Corning,  decided  to  join  the  federal  govern¬ 
ment  after  he  witnessed  the  collapse  of  the  Twin 
Towers  in  New  York  City.  A  former  Naval  officer, 
he  had  experience  with  the  intricacies  of  govern¬ 
ment.  But  when  he  became  the  first  CIO  at  the 


and  political  resistance  that  derails  sound  IT  practices;  poor  proj¬ 
ect  management  discipline;  and  paperwork  exercises  that  require 
CIOs  and  their  staffs  to  spend  huge  amounts  of  time  proving  that 
they  are  adhering  to  administration  directives. 

These  problems  aren’t  simply  about  wasted  effort  and  expense. 
Lives  are  at  stake: 

»  Federal  networks,  for  example,  are  more  vulnerable  to  attack 
from  hackers  and  terrorists  than  five  years  ago,  according  to  the  GAO. 

» 'The  FAA’s  air  trafiic  control  system  at  Boston’s  Logan  Airport  mal¬ 
functioned  last  October,  showing  false  aircraft  icons  on  radar  screens. 

»  Federal  communications  systems  broke  down  after  Hurri¬ 
cane  Katrina,  hindering  rescue  attempts. 

»Army  units  in  Iraq  routinely  run  out  of  critical  supplies 
because  of  failures  in  supply  chain  systems.  The  GAO  has  charged 
that  the  Department  of  Defense’s  “substantial  long-standing  man¬ 
agement  problems  related  to  business  operations  and  systems 
have  adversely  affected  the  economy,  efficiency  and  effectiveness 
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Department  of  Homeland  Security  in  2003  (after 
spending  a  year  as  CIO  of  the  Department’s  pre¬ 
cursor,  the  Homeland  Security  Office),  he  ran  into 
a  culture  that  viewed  the  CIO  as  a  technologist, 
not  as  a  strategist  who  could  help  mold  an  organi¬ 
zation’s  business  processes. 

Congress  and  the  Bush  administration  envi¬ 
sioned  that  DHS  would  use  IT  to  gather  intelligence 
and  share  it  among  federal  agencies  to  better  fight 
terrorism.  With  IT  playing  such  a  critical  role,  the 
agency’s  CIO,  presumably,  would  have  direct  access 
to  the  secretary  (the  CEO  equivalent),  and  be 
included  in  strategy  sessions  for  the  department’s 
$37  billion  IT  budget.  But  that  didn’t  happen.  In 
fact,  the  DHS  organizational  chart  doesn’t  even  list 
the  CIO  position  among  the  agency’s  29  top  senior 
positions.  From  the  beginning.  Cooper  found  him¬ 
self  locked  out  of  key  strategy  meetings.  And  his 
budget  requests— such  as  $39  million  for  network 
connections  between  DHS  agencies— were  sum¬ 
marily  cut,  in  this  case  by  $28  million,  in  a  closed- 
door  meeting  that  included  Janet  Hale,  DHS 
undersecretary  of  management  and  Cooper’s  direct 
boss.  Cooper  maintains  he  was  afforded  no  oppor¬ 
tunity  to  question  the  cut.  “That  one  decision  jeop- 

Continued  on  Page  S8 
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ardized  the  department  from  day  one,”  Cooper  says.  “In  most  of  the 
departments  where  the  CIO  does  not  report  to  the  secretary,  the  CIO 
is  marginalized.”  (DHS  public  relations  did  not  respond  to  repeated 
requests  for  an  interview  with  Hale,  who  resigned  in  February.) 

This  issue  of  access  and  authority  still 
exists  for  DHS  CIO  Scott  Charbo  today, 
according  to  DHS  Inspector  General 

Clinger-  Richard  Skinner.  In  his  annual  depart¬ 
mental  report  on  management  perform¬ 
ance  in  December,  Skinner  stated  bluntly 

Act  was  that  Charbo  did  not  have  the  authority  to  do 

I  I  II  his  job.  “Despite  federal  laws  and  require- 

LU  LC4  1 1  y  ments,  the  CIO  is  not  a  member  of  the  sen- 

bastardized  ior  management  team  with  the  authority  to 

strategically  manage  departmentwide  tech¬ 
nology  assets  and  programs,”  Skinner 
wrote.  (DHS  public  relations  did  not 
respond  to  repeated  requests  for  an  inter¬ 
view  with  Charbo.) 

Having  the  ear  of  the  head  of  an  agency 
does  not,  however,  automatically  guaran¬ 
tee  the  CIO’s  authority.  When  the  IRS’s 
Reece,  a  former  CIO  at  Time-Warner, 
accepted  the  CIO  position  in  March 2001,  he 
wanted  to  outfit  the  14,500  IRS  field  agents 
with  laptops  in  order  to  untether  them  from 
the  three  PCs  on  their  desks  that  they 
needed  to  access  various  legacy  systems. 
Although  each  laptop  cost  $300  more  than 
a  desktop,  Reece  argued  that  by  allowing 
the  agents  to  spend  more  time  in  the  field, 
the  extra  cost  easily  would  be  recouped  in 
increased  productivity. 
Reece  got  $45  million  in 
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-PAUL  BRUBAKER,  ONE  OF 
THE  LEAD  AUTHORS  OF  THE 
CLINGER-COHEN  ACT 


his  fiscal  2002  budget  to 
pay  for  the  upgrades.  But 
because  he  did  not  have 
control  over  spending,  the 
money  was  quickly  siphoned 
off  by  other  IT  managers  to  pay 
for  more  employees  to  manage  the 
existing  legacy  systems  and  the  three  desktop  PCs  needed  to  access 
them.  Soon,  Reece  had  nothing  left  for  the  laptops. 

“This  shows  how  little  control  I  had,”  Reece  says.  “What  laws 
the  government  has  to  oversee  IT  are  totally  ineffective,  are  not 
heeded  and  not  enforced.” 

If  federal  CIOs  are  going  to  have  a  chance 
to  turn  around  government’s  poor  IT  man¬ 
agement  record,  agencies  need  to  provide 
them  with  authority— especially  budget 
authority,  says  Joel  Willemssen,  who  heads 
up  the  IT  audit  division  at  the  GAO.  Though 
some  agencies  have  given  the  CIO  budget 
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authority  today,  they  are  the  minority.  “The  greatest  single  failure  of 
government  IT  has  been  the  lack  of  authority  provided  CIOs,”  he  says. 

Another  aspect  of  authority  is  tenure.  To  effectively  develop  and 
oversee  the  implementation  of  major  programs,  CIOs  need  to  stick 
around.  Indeed,  the  tenure  of  CIOs  has  been  rising  steadily  in  recent 
years,  to  an  average  of  four  years,  11  months,  according  to  CIO’s 
“State  of  the  CIO  2006”  survey.  But  the  average  tenure  of  a  federal 
CIO  today  is  two  years,  according  to  Willemssen.  (Willemssen  says 
best  practices  recommend  a  minimum  three-to-five-year  term  for 
federal  CIOs.)  The  reasons  for  CIOs’  short  terms  are  numerous, 
including  the  frustrations  of  the  job,  a  culture  of  public  service  that 
says  two  years  is  enough  to  give  to  your  country,  and  the  pay.  (Fed¬ 
eral  CIOs  cannot  earn  more  than  $133,000  a  year.)  Of  course,  agency 
heads  have  to  make  good  choices  if  they  are  going  to  leave  CIOs  in 
place  for  five  years.  “All  the  stature  and  power  in  the  world  is  no  help 
when  you  can’t  take  an  IT  agenda  and  drive  it,”  says  Dan  Chenok, 
former  branch  chief  of  Information  Policy  and  Technology  in  the 
Office  of  Management  and  Budget. 

Problem  2: 

Politics  as  Usual 

When  the  federal  CIO  role  was  mandated  by  the  Clinger-Cohen  Act 
in  1996,  the  job  was  considered  a  career  position  to  which  anyone  could 
apply.  The  Bush  administration,  however,  began  appointing  people 
to  some  of  these  positions,  with  some  requiring  Senate  confirmation. 

All  presidents  employ  appointments  as  a  way  to  repay  political 
debts,  but  many  present  and  former  federal  CIOs  believe  that  gov¬ 
ernment  IT  has  suffered  badly  under  this  practice,  mostly  because 
so  much  specialized  knowledge  is  required  to  do  the  job  effectively. 
Today,  11  federal  CIO  positions  are  appointed  (out  of  dozens  of 
CIOs  in  the  federal  government),  mostly  to  larger  agencies  such  as 
DHS.  Of  those  11,  five  positions  are  vacant,  and  among  the  other  six, 
three  of  the  appointees  came  in  with  little  or  no  IT  management 
experience.  Some  IT  experts  argue  that  politically  appointed  CIOs 
have  more  clout  because  their  affiliation  with  the  White  House 
means  they  may  be  more  trusted  and  respected  by  the  top  execu¬ 
tives— also  politically  appointed— in  the  department. 

But  many  federal  CIOs  say  off  the  record  (none  would  go  on 
record)  that  the  appointments  process  has  delayed  many  critical 
IT  projects  as  the  appointees  come  up  to  speed  on  agency  processes 
without  having  the  understanding  of  IT  management  that  career 
managers  possess. 

In  2001,  for  example.  President  Bush  appointed  Vickers  Meadows 
as  assistant  secretary  for  administration  and  CIO  for  the  Department 
of  Housing  and  Urban  Development.  Meadows  had  no  previous 

_  experience  in  IT.  She  had  served  as  Bush’s 

head  of  administration  while  he  was  gov¬ 
ernor  in  Texas,  and  later  she  headed  up  the 
administrative  transition  team  in  the  White 
House.  In  less  than  18  months.  Meadows 
left  HUD,  and  the  CIO  position  reverted  to 
a  career  post.  During  her  tenure,  the  HUD 
inspector  general  issued  numerous  criti- 
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cal  reports  on  the  department’s  IT  management  practices,  including 
poor  security  controls,  systems  open  to  attack,  and  IT  system  proj¬ 
ects  being  started  before  developing  architecture  plans,  establishing 
business  processes  and  identifying  how  systems  would  function. 
(Meadows  did  not  respond  to  CIO’s  requests  for  comment.) 

In  2003,  Bush  appointed  Drew  Ladner  to  head  up  the  Trea¬ 
sury  Department’s  CIO  office  and  its  $2.6  billion  IT  budget.  Lad¬ 
ner,  a  then-34-year-old  entrepreneur  who  had  launched  two 
dotcom  companies,  Clique.com  and  Ripcord  Systems,  worked  at 
Treasury  for  little  more  than  a  year  before  leaving.  Today,  the 
Treasury  Department  CIO  is  no  longer  appointed.  (Ladner  could 
not  be  reached  for  comment.) 

In  2004,  Bush  named  Bob  McFarland  as  CIO  for  the  Depart¬ 
ment  of  Veterans  Affairs.  McFarland,  who  worked  as  vice  president 
of  government  relations  at  Dell  Computer  and  headed  up  business 
units  for  the  computer  maker,  had  no  CIO  experience.  Under 
McFarland,  the  VA  continued  to  struggle  with  IT  management 
issues.  Its  security  grade,  as  issued  by  Congress,  dropped  from  a 
C  in  2003  to  an  F  in  2004  and  again  in  2005. 

Still,  McFarland,  who  left  the  VA  in  April,  claims  that  he  was  able 
to  make  major  changes  that  no  career  CIO  could  have.  For  example, 
he  says  he  convinced  Congress  to  give  the  VA  CIO  control  over  the 
department’s  $1.6  billion  total  IT  budget  (initially,  McFarland  con¬ 
trolled  only  $50  million  of  the  total),  and  pushed  through  a  reor¬ 
ganization  supported  by  VA  Secretary  James  Nicholson  that  gives 
the  CIO  control  over  all  IT  personnel  and  equipment.  The  VA’s 
hundreds  of  field  offices,  hospitals  and  clinics  previously  had  con¬ 
trol  over  their  own  IT  budgets,  personnel  and  IT  equipment.  “To  get 
those  kinds  of  things  done,  you  truly  have  to  be  politically  appointed 
with  a  seat  at  the  [senior  management]  table,’’  McFarland  says.  “I 
don’t  have  to  worry  about  my  next  career  move.  I  can  be  a  change 
agent  and  not  worry  about  being  a  good  guy  and  pleasing  everyone.” 

However,  some  CIOs  have  obtained  full  budget  authority  while 
holding  a  career  position,  such  as  Zalmai  Azmi,  CIO  at  the  FBI,  who 
took  control  over  the  bureau’s  budget  last  year.  More  significantly,  the 
GAO  concluded  in  a  2005  report  that  the  government’s  most  effective 
CIOs  “had  [a]  background  in  information  technology  or  related  fields, 
[with]  many  having  previously  served  as  CIOs.  Many  also  had  busi¬ 
ness  knowledge  related  to  their  agencies,  having  previously  worked 
either  at  the  agency  or  in  an  area  related  to  its  mission.” 

But,  as  a  top  federal  IT  executive  currently  working  for  a  major 
agency  (speaking  on  the  condition  of  anonymity)  says,  “This 
administration  doesn’t  like  government;  it  doesn’t  like  career 
bureaucrats.” 

Unfortunately,  that  aversion  to  government  has  not  improved 
the  chances  for  government  IT  success. 


Problems: 

Welcome  to  the  Bureaucracy 

The  Clinger-Cohen  Act  was  supposed  to  improve  IT  project  man¬ 
agement  practices  by  requiring  CIOs  to  assess  the  skill  sets  they  had, 
determine  what  IT  skills  they  needed  to  meet  mission-critical 
requirements  and  then  fill  in  whatever  gaps  they  saw  by  hiring  or 


Politically  Appointed  CIOs 

Department  of  Defense  John  G.  Grimes 

Last  positions: 

1.  VP  of  Intelligence  and  Information  Systems 
for  the  Washington  Operations,  Raytheon 

2.  Deputy  Assistant  Secretary  of  Defense  for 
Counterintelligence  and  Security  Countermeasures 

Department  of  Agriculture  David  Combs 


Last  positions: 

1.  Special  assistant  to  the  CIO,  overseeing  project 
management  of  selected  key  USDA  IT  investment 
projects 

2.  Special  assistant  to  the  Administrator  of  Rural  Utilities 
Service,  with  responsibilities  including  strategic  planning 
and  IT  support  services 

Social  Security  Administration  Thomas  Hughes 


Last  positions: 

1.  Managed  own  consulting  firm 

2.  Senior  consultant  for  PricewaterhouseCoopers 


Department  of  Labor  Patrick  Pizzella 
Last  positions: 

1.  Chief  of  staff  to  the  director  at  the  U.S. 

Cffice  of  Personnel  Management 

2.  Government  affairs  counselor,  Preston,  Gates, 
Rouvelas  Meeds,  a  policy  practice  group 

Department  of  Homeland  Security  Scott  Charbo 
Last  positions: 

1.  CIC  of  the  Agriculture  Department 

2.  President  of  MPowerS  and  extension  agent  for 
the  University  of  Florida’s  Institute  of  Food  and 

Agricultural  Sciences 

CIO  Wanted 

At  press  time,  the  CIO  pcsiticn  at  these 
agencies  was  vacant 

□  U.S.  Agency  for  International  Development 

□  Department  of  Veterans  Affairs 

□  Department  of  Transportation 

□  Department  of  Education 

□  Environmental  Protection  Agency 

□  Small  Business  Administration 
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training  employees.  That  hasn’t  happened.  According  to  present  and 
former  federal  CIOs,  federal  oversight  inspectors  and  project  man¬ 
agement  experts,  federal  project  managers  routinely  do  not  follow 
even  some  of  the  more  basic  project  management  practices,  such  as 
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conducting  ROI  analyses,  developing  thorough  business  cases  or 
establishing  project  management  offices— the  absence  of  which 
increases  the  chances  for  project  failures. 

The  0MB  has  tried  to  instill  some  discipline,  in  2001  requiring 
agencies  to  begin  submitting  business  cases  for  proposed  IT  systems. 
Tliese  cases  must  show  return  on  investment,  demonstrate  that  proper 
project  management  practices  are  being  followed  and  articulate  how 
the  system  will  help  the  agency  fulfill  its  mission.  The  0MB  reported 
in  2005  that  of  the  1,200  business  cases  it  received  that  fiscal  year,  621 
projects  totaling  $22  billion  did  not  meet  its  standards.  But  the  GAO 
reported  in  2005  that  the  0MB  neither  created  a  list  of  the  projects  and 
their  weaknesses,  nor  did  it  develop  a  monitoring  process  to  determine 
if  agencies  were  making  progress  on  addressing  those  weaknesses, 
possibly  leaving  “unattended  weak  projects  consuming  significant 
budget  dollars.” 

“By  now,”  says  Bruce  McConnell,  a  former  OMB  IT  official  in  the 
Clinton  administration  and  now  president  of  the  consulting  firm 
McConnell  International,  “the  business  cases  have  become  largely 
a  paper  exercise,  especially  when  you  match  the  volume  of  reports 
with  OMB’s  capacity  to  review  them.  OMB  should  focus  on  results 
and  manage  by  exception,  requiring  detailed  reports  only  where 
there’s  a  history  of  problems.” 

But  the  reasons  that  basic  project  management  disciplines  are 
not  followed  cannot  all  be  ascribed  to  incompetence,  mismanage¬ 
ment  or  red  tape.  For  example,  one  of  the  largest  IT  transformations 


in  government  is  occurring  in  the  DoD.  The  department  is  mod¬ 
ernizing  its  business  management  systems,  which  account  for 
$605  billion  a  year  in  operating  costs. 

Part  of  the  modernization  effort  consists  of  developing  an  ERP 
system  to  connect  DoD’s  business  systems.  But  because  DoD  oper¬ 
ates  so  many  systems  across  so  many  entities,  each  with  its  own 
organizational  structure,  governance  and  leadership,  trying  to 
manage  the  project  is  an  exercise  in  futility,  says  Drew  Miller,  a 
consultant  with  Heartland  Management  Consulting  Group  who 
worked  as  a  program  manager  on  the  project  in  2005.  Miller  over¬ 
saw  the  development  of  architecture  requirements  for  strategic 
planning  and  budget  systems  and  policy  for  the  overall  program. 
Miller  says  anytime  a  back-end  system  was  altered  in  any  way, 
interfaces  to  other  systems  had  to  be  redone,  diverting  time  from 
developing  new  systems.  Because  the  systems  (a  total  of 542  account¬ 
ing  and  financial  management  systems  and  665  human  resources 
systems)  span  the  entire  DoD  enterprise,  correlating  decisions  on 
software  or  on  configurations  is  close  to  impossible.  Miller  says. 

What’s  needed  is  a  top-level  executive  to  make  enterprisewide 
decisions,  suggests  Miller,  and  the  GAO  has  recommended  Con¬ 
gress  establish  a  chief  management  officer  for  the  DoD  business 
systems  modernization  effort.  The  chief  management  officer  would 
serve  for  no  less  than  seven  years,  work  in  concert  with  the  DoD 
CIO  and  top  program  managers  to  focus  attention  at  the  enterprise 
level  on  how  systems  should  be  integrated,  and  act  as  the  liaison 


Patterns  of  Failure 


Federal  IT  projects  run  over  budget,  fall  behind  schedule  and  collapse  with  depressing  regularity 


Agency 

Project 

Budget 

Money 

Spent 

Project 

Schedule 

Status 

Dept,  of  the 

Interior 

Consolidate  16  financial 
systems  to  one 

$120  million 

$63  million 

2003-2007 

Failed.  Restarting  project. 

Dept,  of 

Homeland  Security 

Infrastructure  upgrade 

$550  million 

$104  million 

2002-2004 

Failed  to  meet  project  specifications 
required  by  law. 

Dept,  of  Defense 

Online  travel  booking 
system 

$464  million 

$264  million 

1998-2002 

Fouryears  behind  schedule. 

FBI 

Web-based  case 
management  system 

$119  million 

$170  million 

2001-2004 

Failed.  Restarting  project. 

Transportation 

Security 

Administration 

Infrastructure 

modernization 

$1  billion 

$834  million 

2003-2009 

Failed.  Restarting  project. 

Dept,  of 

Homeland  Security 

Integrate  eight  legacy 
financial  systems 

$229  million 

$18  million 

2003-2005 

Failed.  Restarting  project. 

IRS 

Data  security 

N/A 

N/A 

2002-present 

Still  defining  security  controls. 

Federal  Aviation 
Administration 

Air  traffic  control 
for  16  projects 

$8.3  billion 

$11.4  billion 

Four  projects  on  schedule; 

12  projects  1  to  13  years 
behind. 

Reassessing  investments  and 
practices. 

SOURCES:  GAO:  Inspectors  general  at  DHS.  DoJ  and  DoD:  CIO  reporting 
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between  tlie  hundreds  of  IT  program  managers. 

The  people  systems  in  federal  IT  are  also  tan¬ 
gled.  Hiring  practices  are  mired  in  decades-old 
rules  and  laws  that  prevent  CIOs  from  quickly 
reworking  staffs  to  meet  needs.  For  example,  the 
federal  government’s  backlog  for  security  clear¬ 
ances,  which  many  IT  mangers,  programmers 
and  contractors  need  to  work  on  IT  systems  that 
handle  sensitive  and  classified  information,  is 
estimated  to  be  300,000  for  federal  employees 
and  more  than  half  a  million  for  contractors.  It  can 
take  months  to  obtain  a  clearance. 

So  far,  none  of  these  problems  have  been  fixed. 

Problem  4: 

Buried  in  Paper 

Like  private-sector  CIOs,  federal  CIOs  complain 
that  they  don’t  have  enough  time  to  focus  on  strat¬ 
egy.  But  at  least  private-sector  CIOs  don’t  need  to 
document  all  their  actions.  Frustrated  by  the  lack 
of  progress  and  accountability  in  major  IT  projects. 

Congress  and  the  0MB  began  in  2002  to  increase 
the  demands  on  CIOs  to  document  just  about 
everything  they  do. 

The  cure,  however,  may  be  worse  than  the  dis¬ 
ease.  CIOs  are  bogged  down  making  sure  IT  pro¬ 
gram  managers  are  filing  business  cases  and  earned  value  scores  to 
the  0MB,  while  periodically  writing  detailed  reports  to  Congress. 
The  CIOs’  chief  security  officers  may  have  it  even  worse,  spending 
nearly  half  their  working  day  (an  average  of  3.7S  hours)  documenting 
their  adherence  to  federal  security  requirements,  according  to  a  sur¬ 
vey  conducted  by  Intelligent  Decisions,  a  systems  integrator.  The 
result,  say  IT  executives  at  the  agency  level,  is  less  time  to  spend  on 
developing  secure  systems. 

The  root  of  much  of  this  paperwork  comes  from  the  2002  Fed¬ 
eral  Information  Security  Management  Act,  or  FISMA,  which 
actually  has  little  to  do  with  measuring  how  secure  systems  are, 
contends  Bruce  Brody,  the  head  of  information  security  at  market 
research  firm  Input  and  former  CSO  for  the  departments  of  Vet¬ 
erans  Affairs  and  Energy.  The  law  requires  agencies  to  file  quar¬ 
terly  reports  and  an  annual  report  each  September  to  Congress  and 
the  0MB  showing  that  they  are  complying  with  the  law— attesting 
over  and  over  that  they  have  certified  and  accredited  every  system, 
conducted  an  inventory  of  systems,  and  trained  employees  in 
security  awareness,  among  other  things.  “It’s  all  about  writing 
reports  and  counting  those  reports,”  agrees  Alan  Paller,  director 
of  research  at  the  SANS  Institute.  “It  doesn’t  actually  measure  if 
systems  are  secure.” 

Some  CIOs  and  CSOs  view  the  government’s  mandates  purely 
as  check-the-boxes  exercises— inviting  yet  more  negative  attention 
from  Congress.  It’s  not  therefore  surprising  that  the  government 
received  a  D  +  grade  from  Congress  in  March  on  FISMA  compliance. 

Karen  Evans,  administrator  of  e-government  in  the  0MB  and 


the  top  official  in  the  Bush  administration  over¬ 
seeing  IT  development,  defends  the  quarterly 
security  reports  as  a  way  to  tell  CIOs  and  their 
CSOs  what  to  focus  on.  “To  provide  that  report, 
you  have  to  know  what  service  you  provide,  the 
risk  it  imposes,  how  you  are  managing  configu¬ 
ration  management,  and  how  that  plays  into  all 
the  other  systems  and  inventories,”  says  Evans,  a 
former  CIO  at  the  Department  of  Energy.  “If  you 
don’t  know  what  the  lay  of  the  land  is,  then  you  are 
always  putting  out  fires,  and  there’s  no  way  to 
proactively  manage  the  risk.” 

CIOs  argue  that  the  landscape  is  already  well 
known.  What  they  need  is  time  to  traverse  it.  Brody 
and  Paller  recommend  that  0MB  establish  a  better 
methodology  for  performance  measurements. 
Instead  of  asking  whether  certain  actions  have  been 
taken,  it  should  ask  how  agencies  have  conducted 
specific  exercises  that  result  in  more  secure  sys¬ 
tems,  such  as  what  authentication  processes  CIOs 
have  deployed  and  what  processes 
agencies  are  using  to  monitor  and 
patch  systems,  how  quickly  patches 
are  disseminated,  how  often  pass¬ 
words  are  changed  and  what  con¬ 
vention  they  use  for  passwords. 
“Those  writing  the  requirements 
just  need  to  listen  to  those  doing  the 
work,”  says  Brody.  “We  all  want  our  sys¬ 
tems  secure.”  But,  he  adds,  “the  govern¬ 
ment  is  no  more  secure  today  than  it  was  five  years  ago— and  it 
wasn’t  secure  then.” 

The  Prescription: 

Leadership,  Not  Laws 

An  axiom  in  Washington  is  that  Congress  does  20  percent  of  the 
heavy  lifting  in  policy-making;  the  other  80  percent  is  accom¬ 
plished  in  federal  agencies  where  policies  are  interpreted  and 
implemented.  The  solution  to  improve  government  IT  management 
does  not  lie  in  more  legislation,  or  a  rework  of  the  Clinger-Cohen 
Act,  federal  IT  experts  say. 

As  in  the  private  sector,  the  solution  lies  in  leadership.  The  com¬ 
mon  thread  in  all  the  criticism  of  the  Clinger-Cohen  Act  will  sound 
familiar  to  private-sector  CIOs:  It  takes  buy-in  from  top  leadership 
to  change  how  organizations  operate,  and  that  includes  the  use  of  IT. 
A  good  place  to  start  may  be  with  those  who  are  leading  the  depart¬ 
ments  and  the  ultimate  agenda  setter,  the  White  House,  says  Paller. 
“If  everyone  is  failing,  then  it’s  not  the  pupil’s  problem,  it’s  the 
teacher’s  problem,”  he  says.  “And  that  means  the  teacher  needs  to 
look  at  what  he’s  doing  wrong.”  taia 


Washington  Bureau  Chief  Allan  Holmes  can  be  reached  via  e-mail  at 
aholmes@cio.com. 


The  Federal 
Information 
Security 
Management 
Act  is 

^^all  about 
writino 
reports  ana 
counting 
those 
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It  doesn't 
actually 
measure  if 
systems  are 
secure." 


-ALAN  PALLER, 
RESEARCH  DIRECTOR, 
SANS  INSTITUTE 
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Mid-IVIarket  Security 


CIOs  at  midsize  businesses  face  many 
of  the  same  security  problems  as  CIOs 
at  larger  companies,  but  with  a  lot 
fewer  resources.  What  they’ve  learned 
can  help  you  get  by  on  less. 

BY  SARAH  D.  SCALE! 


Stanley  “Stash”  Jarocki  is  used  to  get¬ 
ting  plenty  of  attention.  Once  the  VP  of 
IT  security  at  Morgan  Stanley,  Jarocki 
knows  what  it’s  like  to  manage  a  staff 
of  dozens  at  a  Fortune  SO  company 
that  spends  millions  of  dollars  on 
technology.  When  he  called  a  vendor, 
the  vendor  answered.  Quickly.  “I’d 
pick  up  the  phone,  and  the  company- 
service  provider,  hardware  provider, 
software  provider— would  be  in  the 
door  tomorrow,  today,”  Jarocki  says. 


But  that  was  then.  Jarocki  has  had  to  change 
his  tactics  and  expectations  now  that  he  works 
in  one  of  the  trickiest  spots  in  security:  right  in 
the  middle.  He  is  senior  VP  and  information 
security  officer  of  New  York  City-based  Besse¬ 
mer  Trust,  a  privately  held  wealth  manage¬ 
ment  company  with  $40  billion  in  assets  and 
just  600  employees.  When  it  comes  to  informa¬ 
tion  security,  ana¬ 


lysts  say,  working  at 
this  size  company 
can  be  the  worst  of 
both  worlds. 

“The  companies 
are  often  big  enough 
to  be  targets,  but 
not  necessarily  big 
enough  to  have  the 


Reader  ROI 

::  The  biggest  security 
challenges  at  mid¬ 
size  businesses 

::  How  mid-market 
CIOs  get  by  with 
incredibly  lean  staffs 

::  Why  smaller  com¬ 
panies  rely  so  much 
on  outsourcing 
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WellSpan  Health  CIO 
William  Gillespie  runs 
a  relatively  small  oper¬ 
ation  but  he’s  still 
accountable  for 
HIPAA  compliance. 


Mid-Market  Security 

staff  and  the  budget  to  do  security  well,”  says  John  Pescatore,  a  vice 
president  at  research  company  Gartner.  “They  often  don’t  have 
strong  IT  discipline,  and  that  causes  all  sorts  of  security  prob¬ 
lems.  But  they’re  big  enough  to  be  targets  of  cybercrime— somebody 
saying.  Let  me  go  after  this  plumbing  supply  company.  It’s  not  so  big, 
but  maybe  I  can  find  a  credit  card  file.”  ’What’s  more,  mid-market 
organizations  may  face  the  same  bevy  of  regulators  as  companies  10 
times  their  size. 

But  the  smaller  guys— that  is,  companies  with  revenue  between 
$100  million  and  $1  billion— are  being  pushed  to  get  better  at  secu¬ 
rity.  And  the  best  among  them  have  tips  about  managing  security  on 
a  budget  that  even  CIOs  with  gargantuan  budgets  could  learn  from. 
Here  are  three  ways  they’re  doing  more  with  less. 


Find  good  generalists— 
and  know  when  it’s  time 
to  call  in  extra  help. 

When  Robert  Lewis,  CISO  of  Cambridge  Health  Alliance  in  Cam¬ 
bridge,  Mass.,  was  nominated  for  Information  Security  Executive 
of  the  Year  for  the  New  England  region,  he  remembers  going  to  the 
gala  affair  and  watching  the  CISO  of  State  Street  pick  up  the  award. 

“Her  staff  in  security  was  larger  than  our  entire  IT  depart¬ 
ment,”  recalls  Lewis,  who  is  also  director  of  telecommunications 
and  network  services  at  the  nonprofit  group,  which  has  annual 
revenue  of  $466  million. 

The  biggest  challenge?  Finding  and  keeping  a  small  stable  of  tal¬ 
ented  security  employees  who  are  jacks-of-all-trades,  in  a  market¬ 
place  that  values  specialization.  “In  a  very  large  organization,  your 
security  group  will  have  a  huge  amount  of  specialization,”  says  Jim 
Reavis,  founder  of  an  eponymous  security  consulting  group.  At 
small  companies,  by  contrast,  “You  have  people  who  wear  a  lot  of 
hats.”  Mid-market  organizations  are  lucky  to  have  even  a  couple  of 
people  whose  jobs  are  entirely  devoted  to  information  security. 

But  having  generalists  on  staff  isn’t  a  bad  thing,  mind  you.  “In 
many  cases,  generalists  are  able  to  address  business  problems  bet¬ 
ter,”  says  Christofer  Hoff,  who  until  late  2005  was  CISO  of  WesCorp 
Federal  Credit  LFnion,  which  had  2004  revenue  of  $500  million. 
(Hoff  is  now  chief  security  strategist  at  Crossbeam  Systems,  a 
threat  management  vendor.)  A  lean  staff  of  generalists  also  can 
help  keep  headcounts  low  and  costs  down,  with  organizations 
bringing  in  extra  help  as  needed. 

“In  past  lives,”  Hoff  continues,  “I’ve  been  blessed  with  smart  gen¬ 
eralists  who  realize  that  at  times  when  they  don’t  have  the  skill  sets, 
they  [can]  raise  their  hands  and  suggest  that  we  need  to  augment 
our  skill  sets.  I’d  rather  have  that  than  a  guy  who  can  only  fire  a  bow 
and  arrow.  What  happens  when  he  runs  out  of  arrows?” 

At  Cambridge  Health,  Lewis  doesn’t  worry  about  his  group’s  two 
security  engineers  needing  only  arrows.  They  advocated,  for 
instance,  that  the  organization’s  approach  should  be  to  keep  things 
simple  by  focusing  on  security  “appliances”— products  that  do 
one  thing,  like  content  filtering  or  intrusion  detection,  but  offer  lit- 


Mid-Market 

Snapshots 


What’s  information  security  like  in  the  mid¬ 
market?  Anil  Miglani,  senior  VP  at  Access 
Markets  International  Partners,  a  consultancy 
that  specializes  in  small  and  midsize 
businesses,  provides  this  snapshot. 

Total  employees:  100  to  999 

Average  annual  IT  budget:  Approaching  $667,000,  with 
significant  variations  based  on  size  and  industry. 

Percentage  of  IT  budget  spent  on  security:  3%,  with 
more  security-conscious  businesses  spending  two  to  three 
times  as  much  as  others. 

Security  leadership:  CIOs  may  function  as  CISOs.  CISOs 
are  general  ly  present  only  at  the  larger  end  of  the  spectrum  or 
in  regulated  industries  such  as  finance  and  insurance. 

Major  challenges:  Limited  staff;  security  products  designed 
for  larger  enterprises  may  be  difficult  to  scale  down;  business 
may  lack  adequate  backup  systems. 

Tactics:  The  trend  is  toward  outsourcing  security,  storage  and 
disaster  recovery,  and  using  integrated  products  that  provide 
more  functionality. 

tie  customization.  Because  the  appliances  stand  alone  instead  of 
running  on  a  server,  when  something  goes  wrong  there’s  no  ques¬ 
tion  about  whether  the  problem  lies,  say,  with  the  operating  system 
or  another  piece  of  software. 

“It  just  does  what  it  does,”  Lewis  says,  describing  such  an  appli¬ 
ance,  “and  if  you  have  a  problem  you  call  the  vendor.  By  its  very 
nature  it’s  intended  to  be  robust,  basic.  It’s  a  workhorse.”  This 
approach  means  that  even  a  small  staff  can  keep  the  organization’s 
security  defenses  up  and  running. 

At  some  midsize  businesses,  the  entire  security  staff  is  made  up 
of  generalists  in  a  broader  sense— meaning  that  their  responsibil¬ 
ities  are  not  just  in  security.  At  Dallas-based  Hudson  Advisors,  for 
instance,  CSC  Mark  Lynd  is  also  the  global  chief  technology  offi¬ 
cer.  Lynd,  who  is  a  certified  information  systems  security  profes¬ 
sional  (CISSP),  spends  maybe  60  percent  of  his  time  on  security; 
the  rest  is  spent  on  technological  and  operational  duties.  His  staff 
of  four,  one  of  whom  also  is  a  CISSP,  each  spend  about  40  percent 
to  50  percent  of  their  time  on  security. 

“We  do  that  because  we’re  so  decentralized,”  says  Lynd,  whose 
company,  a  fast-growing  mortgage  servicer  and  real  estate  man¬ 
agement  firm  with  annual  revenue  of  $130  million,  has  seven 
data  centers,  including  ones  in  Guadalajara,  Mexico;  Taipei,  Tai¬ 
wan;  and  Frankfurt,  Germany. 

Lynd  has  the  equivalent  of  two  full-time  staff  in  Dallas,  with  two 
others  in  the  field.  He  could,  theoretically,  have  one  of  his  Dallas 
staff  devoted  100  percent  to  security.  But  by  having  each  person 
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for  Microsoft’  Office  and  SAP.’ 

Microsoft  and  SAP  have  come  together  in  an  unprecedented  alliance  to  put  the  power  of  SAP  applications  at 
the  fingertips  of  Microsoft  Office  users.  Duet  lets  employees  access  and  interact  with  key  SAP  business  processes 
while  in  their  familiar  Microsoft  Office  environment.  It  was  designed  to  help  boost  productivity  and  increase  policy 
compliance  —  without  additional  training.  Go  online  today  to  view  a  demo  at  duet.com 
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Mid-Market  Security 


spend  60  percent  of  his  time  on  security,  Lynd 
ensures  that  there  can  be  round-the-clock  cov¬ 
erage. 

Another  tactic:  The  IT  manager  at  each  of 
Hudson  Advisors’  data  centers  has  security 
built  into  his  job  responsibilities.  And  when 
Lynd  needs  further  expertise,  he  calls  in  con¬ 
sultants  from  DynTek,  a  Calif.-based  technol- 
og\"  service  provider. 


Make  the  most 
of  VARs,  which 
have  become 
more  about  “value 
added”  and  less  about 
reselling. 


Stanley  Jarocki,  information 
security  officer  at  Bessemer 
Trust,  believes  that  the  future 
promises  more  Sarbanes- 
Oxley-type  regulation,  not  less. 


Now  that  Jarocki  doesn’t  work  for  a  Fortune  50 
company  that  rockets  him  to  the  top  of  a  large 
sendee  provider’s  call-back  Ust,  he  has  found  that 
the  way  to  get  plenty  of  attention  for  his  organi¬ 
zation  is  to  not  work  directly  with  manufacturers 
at  aU.  Instead,  he  has  turned  increasingly  to  value- 
added  resellers,  or  VARs.  These  often  regional 
companies  sell  products  from  the  biggest  security 
and  information  technology  manufacturers  but 
add  their  own  expertise. 

For  instance,  Jarocki  works  with  Alliant  Ware, 
a  division  of  Alliant  Technologies,  which  sells 
products  from  Hewlett-Packard,  RSA,  Syman¬ 
tec  and  others.  He  also  works  with  Calence,  which 
has  offices  in  New  York  and  specializes  in  Cisco 
and  intrusion  detection  monitoring  systems. 

Jarocki  says  that  some  VARs  focus  on  mid-market  organiza¬ 
tions  and  are  often  able  to  give  smaller  companies  more  attention 
than  the  big  vendors  can.  The  trick,  as  usual,  is  picking  the  right 
ones  and  then  the  right  technologists  from  within  them.  To  do 
this,  he  relies  on  recommendations  both  from  peers  and  from  the 
manufacturers  themselves. 

“They’re  used  to  helping  smaller  organizations,  so  they  under¬ 
stand  our  problems,”  Jarocki  says,  speaking  about  the  VARs 
Bessemer  works  with.  “They  have  well-trained  people  certified 
in  the  products  that  we  use.  They’re  providing  a  quality  knowl¬ 
edge  base,  but  you  have  to  pick  and  choose  from  those  people.” 

The  approach  is  pretty  typical,  according  to  James  Browning, 
a  vice  president  of  Gartner’s  Small  and  Midsize  Business  Research 
Organization.  “Networking  and  security  are  two  prime  areas 
where  [small  and  midsize  businesses]  buy  all  those  products  and 
solutions  and  services  through  a  VAR,  because  A)  they  don’t  have 
the  resources  to  install,  deploy  and  manage  it  [all]  on  their  own, 
and  B)  most  of  these  projects  are  more  complex  than  the  staff  can 
handle  on  their  own. 


“The  VAR  will  basically  come  in  and  tell  the  [small  business]. 
You  should  do  these  two  things  this  year  and  these  two  the  next,” 
Browning  says.  “They’re  serving  the  roles  of  consultant,  adviser 
and  integrator.  They’re  the  folks  that  are  actually  deploying  this 
and  training  the  internal  IT  staff  on  how  to  manage  it.” 

Observers  say  they  expect  the  trend  going  forward  is  for  VARs 
to  do  more,  not  less— largely  because  the  VARs  have  learned  that 
the  margins  on  consulting  are  so  much  larger  than  on  simply 
bundling  and  reselling  software  or  other  goods. 

If  you  can’t  buy  it,  share  it 
(especially  when  it  comes 
to  compliance  expertise). 

In  days  gone  by,  Jarocki  used  to  have  a  sizable  research  budget.  Now, 
though,  the  best  research  information  he  gets  is  not  from  pricey 
consultants  but  from  his  peers.  “You  have  to  network  to  the  nth 
degree,  and  listen  to  what  other  people  are  doing,”  Jarocki  says. 
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DEFINE  YOUR  OPEN  ENTERPRISE" 

In  my  Open  Enterprise,  productivity  is 
up  because  workgroup  solutions  actually 
work  the  way  groups  want  them  to. 


People  are  more  productive  when  they  have  the  tools  and  support 
they  need  to  work  more  efficiently.  Workgroup  solutions  from 
Novell®  unite  infrastructure,  services  and  tools  with  unmatched 
security  and  reliability.  Regardless  of  location  or  device.  Our 
full  suite  of  networking,  communication  and  collaboration 
services  support  more  users  on  a  single  server,  simplifying 
administration  and  significantly  reducing  costs.  So  you 
can  communicate  and  collaborate  the  way  you  want, 
wherever  you  want — for  a  lot  less  than  you’d  think. 

Workgroup  solutions  from  Novell. 

This  is  the  way  to  connect  your  Open  Enterprise. 

Novell. 


This  is  Your  Open  Enterprise.™ 

www.novell.com/connect 
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Mid'Market  Security 


THE  MID-MARKET  SECURITY  CUP: 

Half  Full 

or  Half  Empty? 


Half  Full:  “Midsize  businesses  can  have  a 
greater  handle  on  where  the  valuable  data  resides. 

There  are  fewer  endpoints.  Some  medium-sized  com¬ 
panies  were  able  to  leapfrog  some  security  issues 
because  they  weren’t  so  bogged  down  by 
older  legacy  applications.  They  have  the  ability 
to  be  more  agile.” 

-Jim  Reavis,  founder  of  Reavis  Consulting 

Half  Empty:  “  The  hackers  have  begun  to  move  away 
from  bigger  firms,  and  they  have  taken  what  they’ve 
learned  and  are  applying  it  aggressively  to  the  mid-tier. 

There  is  no  longer  an  economic  incentive  to  go  big. 
Many  criminals  now  are  beginning  to  prefer  the  midsize 
companies,  who  may  be  less  likely  to  hire  private  inves¬ 
tigators  or  attorneys  to  seek  recourse.” 

-Josh  Daymont,  director  of  research  for  SecureWorks 


“You  read  enough  that  you  finally  go  to  your  peers  that  have 
implemented  something  and  you  say,  What  did  you  go 
through?  Then  you  hear  if  a  product  didn’t  work.” 

Jarocki  is  a  cofounder  of  the  Financial  Services  Informa¬ 
tion  Sharing  and  Analysis  Center  (an  industry  group),  so  he 
has  plenty  of  contacts  in  the  industry.  And  nowhere  does  his 
networking  pay  off  more  than  in  dealing  with  all  the  regula¬ 
tors  that  Bessemer,  as  a  brokerage,  must  answer  to— agencies 
as  wide-ranging  as  the  Treasury  Department’s  Office  of  the 
Comptroller  of  the  Currency  to  the  NASD  (formerly  the 
National  Association  of  Securities  Dealers). 

“You  listen  to  what  [the  regulators]  said  the  year  before, 
and  you  talk  to  your  peers  to  see  what  they’re  looking  for  this 
year,”  Jarocki  says.  “There  are  high  points.  The  high  points 
right  now  are  intrusion  detection— they  want  to  know  if  any 
client  data  is  being  hacked.  They’re  hot  on  business  continuity. 

The  other  one  is  controls— they  look  at  internal  controls, 
access  control.”  He  uses  the  information  he  gleans  to  focus  his 
energies.  “You  go  down  [the  list]  and  say.  Gee,  what  am  I 
doing  in  that  area?”  This  is  one  reason  why  his  one  full-time 
security  employee,  who  has  a  broad  skill  set,  is  getting  extra 
training  in  business  continuity. 

For  mid-market  companies— especially  ones  that  have  to 
comply  with  the  Sarbanes-Oxley  Act— putting  in  place  a 
strategy  for  efficient  regulatory  compliance  is  key.  “For  the 
ones  that  are  publicly  traded,  Sarbanes-Oxley  has  thrown  a  wrench 
in  the  works,”  Gartner’s  Pescatore  says.  “If  you’re  a  publicly  traded 
company  doing  $100  million  in  business  a  year  and  being  hit  with 
the  same  audit  capacity  that  GE’s  being  hit  with,  that’s  awful.” 

Pescatore  says  that  some  small  companies  are  talking  about  being 
delisted  so  that  they  don’t  have  to  comply  with  Sarbanes-Oxley,  but 
he  notes  that  these  difficulties  soon  may  lessen  a  bit.  In  December,  an 
advisory  panel  to  the  Securities  and  Exchange  Commission  recom¬ 
mended  that  the  SEC  ease  the 
auditing  requirements  for 
companies  with  revenue  of 
less  than  $250  million. 

But  Jarocki,  for  his  part,  is 
prepared  for  more  regula¬ 
tion,  not  less.  “The  auditors 
have  taken  Sarbox,  they’ve 
taken  the  [Gramm-Leach- Bliley  Act],  and  melded  the  two  together 
and  said,  Here’s  our  audit  program,”  he  says.  “Now  you  tell  me  I’m 
not  being  held  to  Sarbox,  and  I’ll  say  phooey  on  you.  The  bottom  line 
is,  if  an  organization  wants  to  be  properly  run,  you  go  for  the  best  you 
can.  You  go  for  the  best  controls  in  place  because  you  want  the  com¬ 
pany  to  stay  around.” 

Another  growing  point  of  pressure:  the  security  requirements  of 
larger  business  partners.  Says  consultant  Reavis,  “Larger  companies 
looking  at  their  supply  chains  are  concerned  about  risk,  but  cutting 
off  a  partner  from  their  supply  chain  is  not  feasible.”  For  instance.  Visa 
is  trying  to  improve  security  among  merchants  and  payment  proces¬ 
sors  with  its  PCI  data  security  program.  “That’s  where  you’re  going 
to  see  a  pain  point  for  the  midsize  companies.” 


Some  of  the  regulations  have  had  a  positive  effect.  At  WellSpan 
Health,  VP  and  CIO  William  “Buddy”  Gillespie  says  that  the  Health 
Insurance  Portability  and  Accountability  Act,  or  HIPAA,  was  a 
major  driver  for  the  IT  group  to  get  funding  for  security  and  disas¬ 
ter  recovery.  Gillespie  has  an  IT  security  manager  who  also  has  a  dot¬ 
ted  line  reporting  relationship  to  the  director  of  compliance  for 
WellSpan,  a  nonprofit  health-care  system  with  two  hospitals  and 
about  $619  million  in  annual  revenue.  That  manager  has  four  full¬ 
time  employees  whose  primary  responsibility  is  ensuring  that  any 
information  that’s  considered  protected  health  information  under 
HIPAA  is  kept  confidential. 

What  all  this  amounts  to  is  that  mid- market  information  security 
organizations  are  being  forced  to  play  catch-up  with  their  larger 
brethren.  In  fact,  Lewis’s  approach  is  to  benchmark  Cambridge 
Health  not  against  other  regional  hospital  groups,  but  against  much 
bigger,  for-profit  organizations  that  have  a  lot  more  resources. 

“It’s  good  to  watch  the  people  who  have  the  money  and  watch  the 
decisions  that  they  make  and  try  to  learn  from  that,”  Lewis  says, 
noting  that  he  does  this  by  reading  trade  publications,  talking  to 
peers  and  attending  meetings  of  professional  associations  such  as  the 
Information  Systems  Security  Association.  “We  follow  what  bank¬ 
ing  and  investment  houses  do,  because  they  can  afford  much  more. 
We  try  to  learn  from  that.  Then  we  have  to  face  reality  based  on 
what  we  have  and  say,  How  closely  can  we  align  ourselves  to  the  best 
practices  at  the  top  financial  houses?  We’re  striving  for  that.  It’s  way 
beyond  what  we  can  afford,  but  it  gets  us  thinking.”  BQ 


Sarah  D.  Scalet  is  a  senior  editor  for  CSO,  a  CIO  sister  publication.  She 
can  be  reached  at  sscalet@cio.com. 


Mid-Market  Challenges 


Find  out  what  mid-market  compa¬ 
nies  are  up  against.  Read  “Special 
Report:  Mid-Market  CIO”  at 

www.cio.com/specialreports. 
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LAST  APRIL,  CISCO  SYSTEMS  PUBLISHED  A  WHITE  PAPER 


explaining  how  the  companies  that  own  the  phone  lines  and  cables 
that  connect  homes  and  businesses  to  the  Internet— the  proverbial  last 
mile— could  use  new  routing  technology  to  boost  revenue.  The  tech¬ 
nology  would  allow  telephone  and  cable  companies  to  establish  prior¬ 
ity  lanes  for  high-bandwidth  traffic  like  video,  games,  or  voice-over-IP 


(VoIP)  calls  and  then  charge  the  Googles,  Yahoos  and  Amazons  of  the 
world  for  access  to  these  highway  toll  roads.  Cisco’s  paper  predicted  that 


this  new  strategy  would  allow  broadband  service 
new  revenue-sharing  business  models  with  any 
content  online. 

The  plan  had  only  one  problem:  It  was  illegal. 

The  telecommunications  laws  that  have  governed  the  Inter¬ 
net  since  its  inception  require  network  owners  to  treat  all  traf¬ 
fic  the  same.  The  laws  date  to  the  1930s  and  were  put  in  place 
to  force  telephone  companies  to  prevent  a  scenario  where  one 
company  could  refuse  to  carry  calls  placed  by  a  rival’s  cus¬ 
tomer.  The  Internet  was  designed  with  the  same  principle  in 
mind.  Routers  are  programmed  to  direct  each  packet  of  data  on 
a  best-effort  basis,  regardless  of  file  type— video,  voice,  e-mail— 
or  who  the  sender  and  recipient  are.  In  the  online  world,  this 
is  called  network,  or  net,  neutrality,  and  last  summer,  it  was  the 
only  thing  standing  between  the  telecommunications  compa¬ 
nies  and  a  vast  new  revenue  stream. 

Since  then,  a  Supreme  Court  ruling  and  a  series  of  Federal 
Communications  Commission  (FCC)  decisions  have  elimi¬ 
nated  this  barrier,  prompting  Congress  to  rewrite  the  nation’s 


providers  to  create 
company  that  sells 


telecommunications  laws. 

The  new  bill,  expected  to  be 
finalized  later  this  year,  will  in 
all  likelihood  officially  elimi¬ 
nate  net  neutrality  as  the  legal 
principle  that  governs  the 
Internet.  “If  net  neutrality 
goes  away,  it  will  fundamentally  change  everything  about  the 
Internet,”  says  James  Hilton,  associate  provost  for  Academic  IT 
Works  of  the  University  of  Michigan. 

The  impact  of  these  changes  on  CIOs  and  their  companies 
will  be  profound.  The  telecommunications  and  cable  compa¬ 
nies  argue  that  allowing  them  to  govern 
their  networks  as  they  see  fit  gives  them  a 
financial  incentive  to  innovate  at  the  core  of 
the  network,  and  develop  new  technolo-  ** 

gies  that  could  guarantee  things  that  CIOs  telecommunications 

want,  like  security  and  better  quality  of  strategic 

service.  Proponents  of  net  neutrality  ::  How  CIOs  can 
counter  that  the  principle  is  the  reason  that  prepare  for  the  new 

the  Internet  and  the  corresponding  online  I  nternet 

ecosystem  have  developed  into  the  com- 
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mercial  and  cultural  phenomenon  they  are 
today.  They  argue  that  without  a  level  play¬ 
ing  field,  telecommunications  companies 
will  force  content  providers— a  broad  cate¬ 
gory  that  includes  anyone  with  a  website— 
to  pay  up  or  see  access  to  their  content 
shifted  to  the  slow  lane. 

The  new  Internet  will  certainly  make 
telecommunications  decisions  more  strate¬ 
gic.  CIOs  will  not  only  need  to  worry  about 
how  much  bandwidth  to  buy,  but  which  lane 
they  want  their  traffic  to  travel  in.  And  tiered 
service  is  just  the  beginning.  Telecommu¬ 
nications  companies  will  be  able  to  rearchi¬ 
tect  their  networks  however  they  see  fit.  Over 
time,  the  new  architectures  and  the  services 
that  network  owners  deliver  will  result  in 
complicated  payer/payee  relationships 
between  content  providers  and  network 
owners.  And  if  a  telecommunications  com¬ 
pany  decides  it  wants  to  introduce  a  new 
Internet  standard,  CIOs  may  be  forced  to 
rearchitect  their  company’s  systems. 

The  common  thread  is  money.  For  all 
the  talk  about  equal  access  and  treating  all 
data  the  same,  the  net  neutrality  debate  is 
just  window  dressing  for  a  less  gentle¬ 
manly  argument  over  who  gets  to  profit  in 
the  online  economy.  More  bluntly,  Steve 
Effros,  former  president  of  the  Cable  Tele¬ 
vision  Association,  says,  “This  is  about 
who  pays.” 


Making  the  Content 
Providers  Pay 

The  current  telecommunications  act,  which 
was  written  in  1996,  was  designed  to  help 
local  phone  companies  compete  with  the 
baby  bells.  The  128-page  law  mentions  the 
word  “Internet”  a  grand  total  of  11  times, 
generally  treating  it  as  a  curiosity,  albeit 
one  with  potential.  Today,  that  curiosity 
has  evolved  into  the  world’s  dominant  com¬ 
merce  and  communications  platform.  And 
instead  of  a  battle  between  small  and  large 
phone  companies,  the  competition  that 
emerged  in  the  telecommunications  indus¬ 
try  is  between  cable  and  telephone  com¬ 
panies,  and  the  service  they  are  vying  to 
provide  is  not  just  phone,  but  high-speed 
Internet  access  and  television  as  well— the 
so-called  triple  play. 

In  June  2005,  the  Supreme  Court  ruled 
that  the  service  cable  companies  sold  was 
an  information  service,  not  a  telephony 
service,  and  hence  isn’t  covered  by  telecom¬ 
munications  law.  In  order  to  address  this 
imbalance  within  the  new  cable/phone 
competitive  landscape,  the  FCC  declared 
that  the  high-speed  DSL  connections 
offered  by  the  telephone  companies  were 
also  information  services.  The  result  is  that 
the  entire  Internet  is  now  essentially  out¬ 
side  the  law. 


Amid  all  this  legal  chaos,  the  telecom 
and  cable  providers  are  still  struggling  to 
figure  out  how  to  profit  from  the  vast  new 
market  for  online  services.  The  three  largest 
telecommunications  companies— Verizon, 
AT&T  and  Bell  South  (which  was  bought  by 
AT&T  pending  regulatory  approval)— all 
had  their  profits  drop  in  2005,  the  latter 
two  by  double-digit  percentages.  Comcast, 
the  nation’s  largest  cable  company,  saw  its 
profits  shrink  by  4.3  percent.  In  contrast, 
content  providers  are  taking  it  to  the  bank. 
Google’s  profits  increased  267  percent, 
Yahoo’s  126  percent  and  eBay’s  39  percent. 
Google,  whose  $6.1  billion  in  revenue  is  less 
than  half  of  Qwest’s  and  one-twelfth  of  Ver¬ 
izon’s,  has  a  market  cap  higher  than  any 
telecommunications  or  cable  company. 

It’s  no  surprise  that  the  carriers  might 
be  a  little  jealous  of  the  new  economy  wun- 
derkinders.  In  one  less  guarded  moment, 
Ed  Whitacre,  now  the  CEO  of  AT&T  (at 
the  time  he  was  the  CEO  of  SBC,  which 
bought  AT&T  but  adopted  its  name),  told 
BusinessWeek  last  November  what  he  really 
thought  of  companies  that  publish  content 
or  host  applications:  “They  don’t  have  any 
fiber  out  there.  They  don’t  have  any  wires. 
They  don’t  have  anything,”  Whitacre  said. 
“For  a  Google  or  a  Yahoo  or  a  Vonage  or 
anybody  to  expect  to  use  these  pipes  for  free 
is  nuts!” 


HOWTO 
GET 
READY 
FOR  THE 
NEW  NET 

Though  the  dust 
hasn’t  settled,  there 
are  steps  CIOs 
can  take  to  ready 
their  company  for 
the  new  Internet 


It’s  not  too  late  to 
make  your  voice 
heard.  If  you  feel 
strongly  about  net 
neutrality,  have 
your  CEO  call  your 
congressional 
representative. 


Figure  out  if  any  of  the 
services  you  offer  on 
your  website  would 
benefit  from  a  higher 
quality  of  service,  and 
then  be  prepared  to 
negotiate. 


Bring  telecommunica¬ 
tions  decisions 
in-house.  It  might  be 
a  commodity  market 
now,  but  soon  you 
will  be  negotiating 
for  more  than  just 
bandwidth. 


Let  your  CEO  and 
CFO  know  what  is 
going  on.  It  might  be 
years  before  a  carrier 
tries  to  sell  you  on  a 
tiered  service,  but  if 
you  don’t  warn  other 
executives  now,  the 
new  costs  will  come 
out  of  your  budget. 
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The  Road  to  Riches 

Whitacre’s  frustration  may  soon  be  a  thing 
of  the  past.  Telecom  officials  argue  that 
they  need  to  be  able  to  treat  different  types 
of  data  differently  in  order  to  meet  the 
demands  of  today’s  and  tomorrow’s  high- 
bandwidth  traffic.  “Some  products  are  only 
useful  if  they  come  as  a  constant  bit  stream, 
like  IP  TV,  video  gaming  and,  to  a  lesser 
extent,  voice  over  IP,’’  says  Bill  McCloskey, 
director  of  media  relations  for  Bell  South. 
“If  you  are  watching  the  Super 
Bowl  on  an  IP  TV,  and  someone 
down  the  street  decides  to  down¬ 
load  a  tune,  we  think  that  the 
video  signal  should  have  priority. 

The  small  delay  for  the  tune  just 
doesn’t  matter,  and  it  would  mat¬ 
ter  even  less  for  an  e-mail.  But  it 
matters  to  a  video  signal.’’ 

So  using  the  vision  outlined  in 
the  Cisco  white  paper,  the  telecoms 
are  proposing  that  they  build  ded¬ 
icated  lanes  on  the  Internet  for 
high-bandwidth  traffic.  The  rub  is 
that  these  lanes  will  be  toll  lanes, 
with  companies  needing  to  pay  for 
access.  The  telecommunications  companies 
say  this  pay-to-play  model  gives  them  an 
economic  incentive  to  innovate  on  the  net¬ 
work  itself,  which  will  lead  to  services  that 
businesses  will  want.  AT&T  declined  to  be 
interviewed  for  this  story.  However,  in  a 
prepared  statement,  AT&T  said:  “We  will 
succeed  or  fail  based  on  whether  or  not 
other  providers  see  value  in  engaging  in 
commercial  agreements  that  enhance  their 
content  or  applications.  And  that  means 
not  just  capacity  or  speed,  but  guaranteeing 
things  like  security  against  viruses,  worms 
and  spam.” 

Christopher  Yoo,  a  professor  at  Vanderbilt 
Law  School  whose  research  is  sponsored  in 
part  by  the  National  Cable  and  Telecom¬ 
munications  Association,  thinks  that  as 
telecommunications  companies  move  to  this 
tiered  approach,  complicated  payer/payee 
relationships  will  evolve,  with  content 
providers  and  network  owners  negotiating 
based  on  their  relative  strengths  in  the  mar¬ 
ket.  This  happens  now  in  the  cable  TV  world. 
The  cable  carriers  pay  channels  with  large 
audiences  such  as  ESPN  about  $2.50  per 


subscriber  and  an  established  niche  channel 
without  a  large  following  such  as  Oxygen 
about  25  cents.  And  not  only  would  cable 
carriers  not  pay  a  brand-new  channel  any¬ 
thing,  but  in  all  likelihood,  that  channel 
would  have  to  pay  the  cable  carrier  promo¬ 
tional  fees  to  use  its  pipes. 

A  better  analogy  for  the  telecommuni¬ 
cation  companies’  plan  to  offer  tiered  serv¬ 
ices  might  be  the  relationship  between  a 
food  manufacturer  and  supermarket,  says 
Yoo.  The  manufacturer  will  pay  the  super¬ 


market  more  money  for  better  shelf  posi¬ 
tioning.  In  this  example,  both  the  food 
manufacturer  and  the  supermarket  have 
the  same  goal:  to  sell  more  food.  The  argu¬ 
ment,  says  Yoo,  is  over  how  to  break  up  the 
profits. 

If  the  telecommunications  companies 
develop  the  online  equivalent  of  the  eye- 
level  shelf,  CIOs  will  have  to  give  up  a  per¬ 
centage  of  their  companies’  profits  to  be 
placed  there.  If  this  new  arrangement 
results  in  significantly  more  sales  and  rev¬ 
enue  for  a  company,  most  probably  won’t 
mind  paying  the  extra  freight.  But  there’s 
no  guarantee  these  new  charges  will  result 
in  additional  business,  and  it  will  be  years 
before  anyone  knows  whether  the  juice  is 
worth  the  squeeze. 

Even  so,  the  telecommunications  com- 


Will  There  Be  an  internet  Monopoly? 


Is  telecommunications  consolidation  creat¬ 
ing  a  monopoly  on  the  backbone?  Check  out 

a  MAP  OF  WHO  OWNS  THE  INTERNET  at 
blogs. cio.com/node/209. 
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panics  all  agree  with  AT&T  that  “this  is  an 
issue  best  left  to  the  marketplace.” 

The  Elephant 
in  the  Room 

The  problem  is  that  the  telecommunica¬ 
tions  marketplace  is  fast  consolidating.  The 
proposed  AT&T/Bell  South  merger  means 
that  the  10  regional  phone  companies  that 
emerged  from  the  Ma  Bell  breakup  will 
have  shrunk  to  three  in  less  than  a  decade. 
And  the  new  AT&T  will  be  twice  as  big  as 
all  the  cable  companies  put  together.  “A  free 
market  works  as  long  as  there  is  competi¬ 
tion,”  the  University  of  Michigan’s  Hilton 
says.  Hilton  and  other  proponents  of  net 
neutrality  are  concerned  that  giving  carri¬ 
ers  the  right  to  decide  how  traffic  flows  over 
their  networks  will  turn  telecommunica¬ 
tions  companies  into  online  kingmakers, 
giving  them  the  power  to  decide  who  will  be 
winners  and  losers  online  through  the  rates 
they  charge  and  the  speeds  they  deliver. 

This  kingmaker  role  greatly  dismays 
content  providers  and  other  proponents  of 
a  free  and  open  Web.  “The  Internet  is  the 
greatest  engine  of  innovation  we  have  ever 
seen  because  no  one  had  control  over  it,” 
says  Art  Brodsky,  communications  director 
for  Public  Knowledge,  a  digital  rights  advo¬ 
cacy  group. 

After  all,  Google  and  Yahoo  are  among 
the  new  economy’s  greatest  success  stories 
not  only  because  they  developed  services 
that  people  want  to  use,  but  also  because 
people  had  access  to  those  services.  What  if 
a  telecommunications  company  down¬ 
graded  one  of  its  services  because  it  had  a 
partnership  with  a  rival?  That’s  possible  in 
a  world  without  net  neutrality.  In  fact,  it  is 
already  happening.  Clearwire,  a  wireless 
broadband  provider,  sells  a  VoIP  service 
from  Bell  Canada  and  acknowledges  block¬ 
ing  VoIP  from  other  providers,  as  well  as 
other  high-bandwidth  applications.  Clear¬ 
wire  says  it  is  allowed  to  do  this  because  it 
sells  an  information  service  and  thus  is  not 
covered  by  the  Telecommunications  Act. 

More  generally,  net  neutrality  propo¬ 
nents  argue  that  changes  in  the  Internet’s 
architecture  could  make  it  harder  for  the 
creation  of  new  application  innovations, 
yet  such  innovations— like  e-mail,  Web 


For  all  the  talk  about 
equal  access,  the  net 
neutrality  debate  is 
ust  window  dressing 
bra  less  gentlemanly 
argument  over 
who  gets  to  profit 
in  the  online  economy. 
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browsers,  Ajax  and  new  search  capabili¬ 
ties— are  responsible  for  most  of  the  Inter¬ 
net’s  growth  to  date.  In  addition,  something 
as  complicated  as  changing  how  the  core 
of  the  Internet  works  doesn’t  happen 
overnight.  Indeed,  some  of  the  telecoms’ 
attempts  to  develop  new  network  tech¬ 
nologies  for  the  core  of  the  Internet  have 
been  less  than  successful.  For  instance,  net¬ 
work-based  standards  that  the  telecom¬ 
munications  companies  introduced,  like 
ATM  and  IP  multicasting,  were  supposed 
to  revolutionize  the  Internet  by  guaran¬ 
teeing  quality  of  service.  Instead,  they 
proved  to  be  so  expensive  that  they  never 
caught  on  outside  of  the  telecommunica¬ 
tions  companies’  own  networks  and  a 
handful  of  private  corporate  networks. 

In  addition,  while  a  network  owner  like 
AT&T  is  busy  experimenting  with  different 
architectures,  device  and  application  makers 
would  be  forced  to  delay  releasing  their  inno¬ 
vative  products  until  they  knew  how  to 
make  them  compatible  with  the  new  net¬ 
work  technology,  says  Gary  Bachula,  vice 
president  for  external  affairs  for  Internet2, 
the  ultra-high-speed  network  that  connects 
more  than  200  colleges  and  universities. 
Furthermore,  letting  network 
owners  adopt  different  stan¬ 
dards  will  inevitably  lead  to 
interoperability  problems, 
proponents  of  net  neutrality 
argue.  Look  no  further  than 
the  wireless  phone  system, 
they  say.  The  United  States 
had  competing  and  incom¬ 
patible  standards  for  years. 

Even  today,  phones  that  use 
U.S.  networks  don’t  work  in  Europe  and 
other  parts  of  the  world.  The  introduction  of 
a  new  IP  by  a  telecommunications  company 
could  have  the  same  effect. 

“It  is  not  inconceivable  that  the  optimal 
number  of  networks  may  be  greater  than 
one,”  Yoo  says.  In  general,  he  adds,  it  is  in 
network  owners’  best  interests  to  make 
their  product  compatible  with  everyone 
else’s.  However,  if  people  develop  a  new 
technology  that  they  believe  is  a  large 
enough  improvement  on  what  came  before, 
Yoo  argues  they  should  be  free  to  try  to  sell 
it  and  let  the  market  either  punish  or 
reward  the  decision.  And  that  prospect 


concerns  CIOs  and  other  observers. 

“If  you  had  to  have  a  different  architec¬ 
ture  for  every  single  provider  that  is  out 
there,  it  would  mean  Balkanization  of  the 
Internet,”  Bachula  says. 

How  to  Navigate  the 
New  Terrain 

One  thing’s  for  sure:  It  will  be  up  to  the 
CIO  to  make  sure  that  his  company  can 
negotiate  the  new  landscape.  Tiered  serv¬ 
ice  alone  “is  going  to  transfer  a  lot  of 
responsibility  to  the  [CIO],”  says  Steve 
Novak,  CIO  of  the  law  firm  Kirkland  and 
Ellis.  Telecommunications  costs  will  go  up, 
and  these  decisions  will  become  more 
strategic,  says  Novak,  because  they  will  no 
longer  just  be  about  how  much  bandwidth 
to  buy,  but  also  what  level  of  service  to  pur¬ 
chase  from  each  carrier. 

John  Ambler,  an  Accenture  consultant 
who  is  in  charge  of  telecommunications 
decisions  for  the  state  of  Arizona,  says  that 
lack  of  security  and  the  inability  to  deliver 
high-bandwidth  traffic  without  interrup¬ 
tion  are  obvious  problems  for  CIOs.  And  if 
the  network  owners  build  and  sell  a  solu¬ 


tion  to  these  challenges  before  application 
vendors  do,  so  be  it,  says  Ambler.  “If  I  have 
an  expanding  business  or  I  create  a  [high- 
bandwidth]  application.  I’d  gladly  pay  for 
better  service,”  he  says. 

Hilton,  on  the  other  hand,  worries  that 
paying  for  improved  services  is  positive  spin 
on  a  more  sinister  reality.  “Frame  it  the  other 
way,”  he  says.  “Would  you  pay  to  prevent 
someone  from  degrading  your  service?” 

Longer  term,  a  telecommunications  com¬ 
pany  may  try  to  introduce  a  new  standard- 
having  the  freedom  to  do  so  is  an  explicit 
part  of  the  telecommunication  industry’s 
vision.  And  as  Bachula  suggested,  CIOs 


Some  argue  that  giving 
carriers  the  right  to  decide 
how  traffic  flows  over  their 
networks  will  turn  them 
into  online  kingmakers. 


would  then  need  to  rearchitect  their  systems 
so  they  work  with  more  than  one  network 
technology.  “Everything  we  do  is  IP-based,” 
says  Novak.  “The  investment  [required]  to 
move  from  the  IP  standard  would  change  a 
tremendous  amount  for  us.” 

Hilton  says  that  he  likes  the  idea  of  bet¬ 
ter  networks;  after  all,  it’s  impossible  to 
come  out  against  innovation,  but  he  wor¬ 
ries  that  if  a  company  the  size  of  AT&T 
decided  to  introduce  its  own  standard,  it 
wouldn’t  necessarily  have  to  be  a  better 
technology.  CIOs  would  be  forced  to  adjust 
their  applications  to  conform  to  the  new 
standard  simply  because  of  AT&T’s  market 
share.  “The  last  thing  I  want  to  do  is  nego¬ 
tiate  a  bunch  of  closed  proprietary  net¬ 
works,”  says  Hilton. 

The  Legislature  Picture 

Such  arguments  are  already  being  aired  in 
the  halls  of  Congress.  But  between  the 
money  involved  and  progression  of  draft 
legislation,  it  doesn’t  look  good  for  net  neu¬ 
trality  advocates.  The  U.S.  Telecom  Associ¬ 
ation  alone  spent  more  than  $16  million  on 
lobbying  in  2005.  AT&T  spent  more  than 
$11  million,  Verizon  at  least  $7.5  million 
[Verizon’s  filing  is  incomplete]  and  Bell 
South  $7.4  million.  In  contrast,  Microsoft, 
which  spent  $8.7  million,  was  the  only  pro¬ 
ponent  of  net  neutrality  to  break  a  million. 

Not  surprisingly,  drafts  for  a  new 
Telecommunications  Act  have  had  pro¬ 
gressively  fewer  protections  for  net  neu¬ 
trality.  An  early  version  adopted  the  term, 
a  later  version  watered  down  neutrality 
protection,  and  the  most  recent  draft  didn’t 
have  any  at  all.  Even  the  most  hard-core 
advocates  see  the  handwriting  on  the  wall. 
“We’re  up  against  a  bigger,  more  powerful 
player,”  says  Public  Knowledge’s  Brodsky. 

In  the  meantime,  CIOs  need  to  prepare 
for  an  Internet  and  economic  arrangements 
that  will  be  quite  different.  And  for  CIOs 
who  don’t  want  to  pay?  Tough  luck,  says 
Vanderbilt’s  Yoo.  “No  one  ever  promised 
that  the  business  environment  that  you 
started  in  will  be  the  business  environment 
of  tomorrow.”  QEl 


Senior  Writer  Ben  Worthen  can  be  reached  at 
bworthen@cio.com. 
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%  YOUR  JOB  IS  TO  KEEP  SYSTEMS  AND  APPLICATIONS  RUNNING, 
ipws  ;  OUR  MISSION  IS  TO  KEEP  PEOPLE  AND  INFORMATION  CONNECTED. 

LET’S  WORK  TOGETHER. 


Continuous  access  to  information  no  matter  what.  That’s 
Information  Availability.  It’s  what  your  employees,  suppliers 
and  customers  demand  every  minute  of  every  day.  But  to 
deliver  it  flawlessly,  you  need  a  massive  global  infrastructure, 
redundant  systems  and  diverse  networks  being  monitored  and 
supported  by  skilled  technical  experts  at  secure  facilities. 
That’s  exactly  what  SunGard  provides. 

As  a  result,  we  can  offer  you  a  higher  level  of  availability  and 
save  your  company,  on  average,  25%*  versus  building  the 
infrastructure  yourself.  Plus,  it’s  a  vendor  neutral  solution  that 
lets  you  control  your  data,  applications  and  network  while 
giving  you  the  flexibility  to  adjust  to  the  changing  needs  of  your 
business.  But  best  of  all,  it  lets  you  spend  more  time  solving 
business  problems  and  less  time  solving  technical  problems. 


For  years,  companies  around  the  world  have  turned  to  SunGard 
to  restore  their  systems  when  something  went  wrong.  So,  it’s  not 
surprising  that  they’re  now  turning  to  us  to  mitigate  risk  and 
make  sure  they  never  go  down  in  the  first  place. 

You  want  your  network  and  systems  to  always  be  up  and  running.  We 
want  the  same  thing.  Let’s  get  together.  To  learn  more,  contact  us  at 
1-800-468-7483  or  go  to  www.availability.sungard.com/masteria  and 
get  your  free  copy  of  the  book  “Mastering  Information  Availability.” 

SUNGARD^ 

Availability  Services  Connected^" 

*Potential  savings  based  on  IOC  White  Paper,  Ensuring  Information  Availabiiity:  Aligning  Customer 
Needs  with  an  Optimal  Investment  Strategy. 
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It  starts  with  a  challenge. 

Then  comes  the  idea. 


Find  out  what  comes  next  at 
CIO  100  Symposium  &  Awards, 

WWW. cio.com/confe  re  nces 

Presented  by 


The  Glue  Gun  and  Other  Sticky  Stories 


Tracking  technology  is  getting  cheaper  and  easier  to  implement  every  day.  As  a  result,  separating  truth 
from  science  fiction  is  getting  more  difficult.  See  if  you  can  tell  which  of  these  stories  are  the  real  deal 
and  which  are  gags.  Answers  below. 


V  Suspicious  wives  and  girlfriends 
I  ■  in  Korea  can  use  GPS-enabled 
mU  M  cell  phones  to  keep 
a  watchful  eye  on  their  husbands  and 
boyfriends.  And  to  avoid  being  caught 
at  the  local  bar  rather  than  at  the  office, 
our  source  in  the  cell  phone  industry 
says,  some  of  these  men  have  begun 
paying  people  to  carry  their  phones  to 
less  risky  places  during  their  after-work 
carousing.  “The  bar?  No,  sweetie!  I’m 
still  at  the  office!  See?” 


Tiny,  wealthy  Manalapan,  Fla., 
■  has  installed  infrared  security 
mam  M  cameras  that  record  every  car 
that  drives  through  town  while  software 
checks  the  plate  numbers  against  law 
enforcement  databases.  “Courts  have 
ruled  that  in  a  public  area,  you  have  no 
expectation  of  privacy,”  said  police 
Chief  Clay  Walker. 


To  avoid  being  tracked  by  a 
state-mandated  GPS  system, 
a  Massachusetts  snowplow 
operator  allegedly  left  his  GPS  device  in 
a  paper  bag  by  the  side  of  the  road  while 
he  ran  off  to  work  a  private  job.  Another 
time,  he  reportedly  handed  his  transmit¬ 
ter  to  a  fellow  snowplow  operator.  While 
the  second  driver  followed  the  state- 
assigned  route,  the  first  pursued  side 
jobs  yet  again. 


In  order  to  cut  down  on  the 
number  of  dangerous,  high¬ 
speed  chases,  Los  Angeles 
police  officers  are  testing  a  “glue  gun” 
that  can  fire  a  sticky  GPS  transmitter  at 
a  fleeing  vehicle.  That  way,  the  officers 
can  track  the  suspect’s  vehicle  without 
chasing  it  and  putting  lives  at  risk. 
(There’s  been  no  word  yet  on  whether 
sales  of  Goo-Off  adhesive  remover  have 
increased  in  high-crime  areas.) 


Security  camera  network 
operator  CityWatcher.com 
has  asked  its  employees  to  get 
RFIDchips  implanted  intheirarmsto 
facilitate  entry  into  the  company’s  secure 
data  centers.  CityWatcher  CEO  Sean 
Darks  says  that  the  program  is  voluntary, 
and  employees  can  easily  have  the  chip 
removed  if  they  desire.  “The  joke  here  is 
that  we  make  them  leave  their  arm,”  he 
says.  Ha,  ha.  Ouch. 
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Sun. 
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5x  the  performance,  1/4  the  size. 

WITH  A  PROCESSOR  THAT  USES  ABOUT 
THE  SAME  POWER  AS  A  LIGHT  BULB. 

The  new  Sun  Fire”  servers  with  CoolThreads"  technology. 


STABILITY 


If  there's  one  constant  in  business  today,  it's  change. 
But  large  or  small,  internal  or  external,  change 
doesn't  have  to  impede  IT  service  delivery.  Think  of 
change  as  an  opportunity  for  IT  to  satisfy  fluctuating 
demand  while  maintaining  a  stable,  productive  work 
environment.  With  integrated  CA  software  solutions 
for  service  management  and  service  availability,  you 
can  unify  and  simplify  the  way  you  manage  complex 
IT  services  across  the  enterprise.  Anticipate  and 
prioritize  shifting  demand.  Automate  processes  to 
ensure  timely  delivery  and  reliability  of  service.  And 
leverage  industry  best  practices  such  as  ITIL.  It's  all 
possible  with  our  unique  approach  to  managing 
technology  called  Enterprise  IT  Management  (EITM). 
To  learn  more  about  how  CA  solutions  can  stabilize 
change  to  create  a  true  service-driven  IT 
environment,  visit  ca.com/deliver. 
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